Biometrics. Facial recognition. Fingerprint sensors. Passwords. Security questions.
All these have become essential tools to authenticate people’s identities across devices, at security checkpoints, applications, and systems. And identities are under attack in a world that is increasingly going digital, with living and working in virtual spaces such as the cloud.
The manufacturing sector has come under threat like never before, as they have become targets of cyber attackers who just have to find a weak point in a network to breach and then infect the entire IT infrastructure, potentially maiming a business by resulting in millions and billions of dollars of losses. This is why identity – both human and machine – has become a large part of the cybersecurity conversation today.
The cybersecurity community and reports have started calling out an identity as one of the most significant threats to any business. This is because, in a classic IT environment, the best way to authenticate is through identity. With automation so prevalent now, bots hold credentials across servers. Hackers just have to hack into one server, and the security of the entire network is compromised.
Now let’s rewind a little bit to understand why the manufacturing sector has become so vulnerable to cyberattacks.
Prior to the coronavirus pandemic, cloud adoption in the sector was not widespread. In fact, most industries had reservations about moving to the cloud due to security concerns. This was especially the case for companies in critical sectors such as defence and energy. The cost of going on the cloud was another factor since most companies had already invested heavily in on-premise software and felt obligated to generate some form of return on investment on these.
Then the pandemic came and, with it, lockdowns. Companies were forced to have their employees working from home, regardless of whether they had their operations across India or the world. They had to adopt digital technologies such as collaboration apps to support remote work and operations, necessitating the move to the cloud.
Things were moving at a much faster pace, driven mostly by business needs, and cybersecurity took a back seat. Adding to the challenge was the lack of IT expertise, especially cloud expertise. The gap between the adoption of disruptive technologies such as the cloud and the IT teams in place widened. Expertise in managing legacy systems couldn’t be applied to a cloud environment, which was more dynamic.
Companies hired web application developers, and cloud-native capabilities came into play. A challenge that had arisen was that web application developers were using open-source technologies, which are vulnerable since they are in the public domain and easily searchable by hackers. This has resulted in the opening up of large attack surfaces. It is easy for hackers to scan public domains where developers normally source codes, make changes to them, and disrupt businesses.
In addition, with corporations increasingly automating their routine processes, there was an increase in machine identities (that ensure confidentiality and integrity of the information exchanged between machines) in organisations. The CyberArk 2022 Identity Security Threat Landscape Report identifies how the rise of human and machine identities, often running into hundreds of thousands per organization, has driven a build-up of identity-related cybersecurity “debt,” exposing organizations to greater cybersecurity risk. Machine identities now outweigh human identities by a factor of 45x.
This brings us back to the original point that we started with, that identity has become a basis for connecting machines and the challenges arising from that.
In the healthcare sector, for instance, they have started adopting IoT devices. Critical infrastructure segments such as power and steel makers are also adopting IoT technologies. The moment you have IoT, the exposure to cybersecurity threats rises exponentially, especially so if identities are being compromised. With the country’s lack of data privacy laws, encrypting data is very critical.
Any cyberattack in the infrastructure sector will have a snowball effect because they are integrated backward and forward with their vendors and end users. Vendors with weak security systems may prove to be the chinks in the network that can bring down a corporation.
It is not merely enough to have technologies in place, however innovative and effective they are, even if they help in time-to-market for corporations. As India moves towards becoming the next big global manufacturing hub, it is important for companies in the sector to align their cybersecurity strategies to their business strategies and these must be dealt with at the top, even at the board level.
Another thing to consider is the importance of adopting identity security, a core set of capabilities that enables organizations to secure the access of human and machine identities to an organisation’s assets and data while enforcing least privilege and enabling Zero Trust. With Identity Security, access is monitored on an ongoing basis with continuous identity threat detection so that the appropriate identity security controls such as session suspension and step-up authentication can be applied based on risk.