How Manufacturers Can Strengthen OT Remote Access Security Against Ransomware Threats

Addressing Ransomware Threats in Manufacturing



In recent years, factories have witnessed a surge in ransomware attacks, prompting manufacturers to reevaluate their operational technology (OT) remote access strategies. According to Secomea, a provider of secure remote access solutions, the increasing prevalence of publicly reported incidents highlights the need for enhanced governance over remote access in manufacturing environments.

The Need for Rethinking Remote Access



Operational technology encompasses the hardware and software that detects or causes changes through direct monitoring and control of physical devices. In OT environments, remote access is vital for maintenance, troubleshooting, and device support. However, with ransomware groups targeting manufacturing firms, security teams are under mounting pressure to balance operational continuity with cybersecurity. The challenge is sharper where third parties need access to production environments and that access must not open vulnerabilities that compromise security.

Knud Kegel, the Chief Technology and Product Officer at Secomea, emphasizes a fundamental flaw in many companies' approaches: while efforts are concentrated on halting intruders, insufficient attention is given to the extent of access granted once an intruder gains entry. “For manufacturers, remote access is critical to maintaining operations. The challenge is ensuring this access is controlled, limited in time, and traceable,” he stated.

Key Strategies to Enhance Security



Secomea recommends focusing on three critical areas to mitigate the risk of ransomware:

1. Minimize Continuous Access: Access for third-party vendors should be granted on a just-in-time basis and revoked immediately once their tasks are completed. By limiting the duration of access, the likelihood of credential misuse and unauthorized activities decreases significantly.

2. Improve Transparency and Traceability: Organizations need the capability to track who accessed their systems, when the access occurred, and the actions taken during that time. Creating detailed audit trails aids investigations, compliance requirements, cybersecurity insurance reporting, and incident response.

3. Readiness for Containment: In instances of suspicious activity, security and operations teams should have practical measures to isolate affected resources swiftly, preventing disruptions from spreading to production environments.

Integrating these strategies effectively creates an OT access control system that incorporates the principles of least privilege, just-in-time access for vendors, traceability, and quick containment. This approach not only mitigates cyber risks but also supports sustained operational continuity.

The Growing Importance of Effective Governance



As manufacturers grapple with heightened regulations, increased cyber insurance demands, and continued pressure to maintain operational uptime, these measures are becoming increasingly critical. The focus is shifting from merely enabling remote access to actively controlling and monitoring it.

When manufacturers restrict, monitor, and contain access effectively, they can better reduce operational impacts associated with cyber incidents. “Ransomware resilience in manufacturing increasingly hinges on how organizations manage remote access to OT systems,” says Kegel. “Just-in-time vendor access, session transparency, and the ability to contain affected resources are becoming fundamental cybersecurity practices.”

Practical Steps for Reducing Risks



While manufacturers reassess their cybersecurity resilience strategies, Secomea suggests evaluating whether the following controls and processes are established within their systems:
  • Implementation of just-in-time access for suppliers rather than persistent remote connections.
  • Approval-based workflows for accessing critical systems.
  • Permissions aligned with the principle of least privilege for users and vendors.
  • Audit trails that support investigations, compliance checks, and forensic analysis.
  • The capability to quickly isolate affected resources during an incident.

The current landscape demands an evolution in how remote access is managed in manufacturing. Manufacturers do not need less connectivity; they need better control over it. Refined access governance procedures will play a crucial role in enhancing operational resilience and safeguarding systems against the threat of ransomware.
