- By Rick Peters
- May 10, 2021
- Feature
Summary
As the hybrid workforce gains traction across OT sectors, IT leaders must be prepared to secure this digitally transformed landscape.

More than 55% of executives surveyed by PwC in December said they expected that most (60%+) of their employees would continue to work remotely after the pandemic subsides. For the industrial sector, enabling remote work has been far more difficult than it has been for other sectors. The main reason for this is simply that there are many functions within this realm that just can’t be done remotely. Conversely, there are plenty of OT business-related roles for which remote execution is possible.
The challenge for these businesses is that given all the different types of roles, there’s really no one-size-fits-all workplace design. And with that, there’s no one-size-fits-all approach to cybersecurity, either, but it’s not something that can be ignored or delayed. As the hybrid workforce gains traction across OT sectors, manufacturing will be no exception–and that means IT leaders must be prepared to secure this digitally transformed landscape.
The increased need for cybersecurity
As mentioned in my previous article, the pandemic highlighted the need for convergence of operational technology (OT) and IT networks, but this necessary convergence also comes with increased cybersecurity risk. OT has long been a target for bad actors, but the COVID-19 pandemic in 2020 presented new exploitation opportunities that cybercriminals were quick to identify and leverage as part of cyber-attack campaigns. Many organizations were unprepared for the challenges wrought by the pandemic and the increased cyberthreats. Accordingly, they had to pivot quickly to adopt security solutions that would defend their unique and critical infrastructure from attack.
This year, organizations must develop and adopt a more proactive security strategy that protects OT environments by using up-to-the-minute threat intelligence. They must constantly analyze and revise their tactics to stay ahead of bad actors.
The hybrid workforce
As mentioned, the convergence of IT and OT networks was already increasing cyber risk for the sector and spurring the need for improved cybersecurity posture–and then the hybrid workforce challenge materialized. A hybrid workforce amplified the demand for employees to access corporate applications from both inside and outside the company’s traditional network perimeter. Coincident with hybrid workforce demand, the adoption of the multi-cloud has expanded the concept of an enterprise perimeter. Some companies are finding that a cloud-based architecture, particularly a hybrid cloud approach, requires a new strategy.
Security for a new perimeter
That strategy entails securing all aspects of the organization: its people, technology and processes.
People: In many organizations, one of the most significant cybersecurity vulnerabilities is the employees themselves. If this was true when we all worked on-site, it is even more so in a hybrid work environment. Any time an organization changes an employee’s workspace and network usage, that employee may be less adept at identifying phishing attacks, social engineering or other security threats.
For example, employees who aren’t accustomed to working remotely will likely experience frequent interaction with the company’s IT department. Since remote employees are inundated with procedures to complete and greater volumes of data to download, a well-worded phishing attempt might slip past their defenses.
Education is the key to combating the human element of hybrid workforce cybersecurity. The more you can train and teach your employees regarding what to look out for, the better your security outcome will be.
Technology: Whether employees are on-site, remote or the mix described above, keeping OT secure begins with enforcing the “never trust, always verify” model, which means protection at every wired and wireless node to ensure that all endpoint devices are validated.
With the dynamics in play today, introduced by explosive growth and enabled sensors for OT systems, zero trust is crucial to defending the cyber-physical world. It’s also important to practice the principle of least privilege across both internal and external communications. By providing only the minimally required access and creating an internal segmentation firewall at multiple points within the networks, OT leaders are afforded extra layers of enterprise protection from an array of attack vectors. In this manner, organizations achieve network visibility along with least-privilege enforcement. This helps to prevent vertical or horizontal movement within the target environment.
Processes: The modern business enterprise is digitizing its environments using sensor technology and connecting with cloud-based applications–and OT is no different. Along with this adoption of cloud services, though, comes the challenge of the expanding attack surface. Threats within the OT sector are now going beyond network and application attacks to target vulnerabilities caused by misuse or misconfiguration of the cloud infrastructure.
To address the emergence of these challenges, IT teams need a solution that offers advanced security and can detect suspicious activity across all cloud environments. This cloud security solution must also enable a containment and mitigation strategy to ensure safe and continuous operations. Overall, the security solution must provide fluid and dynamic transparency that delivers operational efficiency as well as continuous trust across the cloud.
Converging security
With pandemic restrictions finally easing nationwide, many employees are returning to the corporate workplace. Industrial companies face unique challenges since there is clearly no one-size-fits-all workplace design. Accommodating security across an array of unique employee work models in disparate locations while also dealing with the convergence of OT and IT networks is a challenge, to say the least. But if organizations prioritize addressing the people, technology and processes facets, they can create a holistic security strategy that will safeguard all their networks across all cloud infrastructure.
About The Author
Rick Peters is the CISO for operational technology, North America for Fortinet Inc., delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. He previously served as the director of operational technology, global enablement for Fortinet and worked in the U.S. intelligence community for more than 37 years, imparting cybersecurity and global partnering experience across foreign, domestic and commercial industry sectors at the National Security Agency (NSA).