Recent breaches of MGM and Caesars are proof that no company is safe from sophisticated, aggressive and frequent cyberattacks.
By Sam Heiney
With costs soaring into the millions, the recent breaches of casino companies MGM Resorts International and Caesars Entertainment are an unfortunate reminder that no company is truly safe from increasingly sophisticated, aggressive and frequent cyber attacks by malicious actors. According to reports, the same hackers that breached these two casino giants – known as “Scattered Spider,” part of the larger “ALPHV” ransomware group – have also been responsible for several other recent cyber attacks on companies in the manufacturing, retail and technology space.
For both MGM and Caesars, it has been reported that hackers made use of social engineering to get into the systems – first impersonating an employee on LinkedIn and then contacting the help desk (a vendor shared by both companies) and pretending to have lost their password to get into the account, claim additional credentials and gain increasing control.
Smart Factories At Risk For Cyber Attacks
Regardless of the industry, all it takes for the hackers to win is for one link in the larger cybersecurity fence to be compromised, and the whole wall will come tumbling down. It’s a tall order for any industry, but manufacturing has, comparatively, a lot to consider. That’s chiefly because of the massive implications and potential of Industry 4.0, which is already establishing itself across the space.
Industry 4.0 – and the smart factories that emblemize it – has already demonstrated the ability to increase overall production by as much as seven times, but those gains come with equal risks for those who neglect cybersecurity. Technology is a double-edged sword if wielded carelessly – every new piece of technology on the factory floor (i.e. IoT devices, sensors, factory robots, security systems, cameras, HVAC or even printers) also creates a threat vector, a potential door into the heart of the system if left open.
Still, interconnectivity is the greatest strength of a smart factory, so it doesn’t make sense to throw the baby out with the bathwater. Zero-trust, Secure Access Service Edge (SASE), and other newly defined security approaches have been created specifically to provide secure access and interconnectivity. These new strategies are built on foundational security principles using encryption, network segmentation and various levels of access control to create layered security that bends and evolves without breaking.
Implementing new security strategies can be expensive. Finding time and resources is a challenge for most organizations, but everyone can improve their security stance by focusing on the basics. Mastery of these fundamentals are especially important since simple social engineering – the kind of approach that relies on psychological manipulation rather than exploiting an outright vulnerability in the system itself – is incredibly common and effective on even the most well-established companies, as we’ve just seen with MGM.
So where can manufacturers get started if they’re concerned their defenses aren’t up to snuff? For starters, patch and upgrade your systems. Then, conduct thorough training for your users about the dangers of phishing and malware, to ward off potential social engineering attacks. Lastly, improve or implement role-based access controls by adding attribute-based controls like date, time of day, and location to ensure access to your system is properly limited and controlled.
Trends show that the types of attacks experienced by MGM and Caesars are unfortunately growing more commonplace over time, especially in recent years. Both technological adaption in the manufacturing space and the tenacity of hackers are evolving in equal measure. Manufacturers must always place cybersecurity at top of mind, otherwise they risk becoming the next headline-making ransomware victim.
Sam Heiney is VP of Products, Impero Software, a Portland, OR-based provider of cybersecurity to Fortune 100 and companies in the manufacturing and retail spaces.
Click here to read more about cybersecurity and business continuity issues from Continuity Insights.