Let's Talk SoC

Manufacturing Under Attack: Defending Against Ransomware and Other Cyber Threats

Episode Summary

When it comes to cyberattacks, today’s manufacturers are on the front line defending their IT and OT landscape. Rapid digital transformation has exposed cracks in the defenses of many in the industry. Join Stacy Leidwinger, Vice President of Portfolio Marketing, to hear her take on rising threat levels in the industry. Discover the true cost of potential breaches and the best lines of defense – taking a comprehensive and proactive approach to prevention, detection, and response.

Episode Notes

What We'll Cover

Episode Transcription

Sally: Hello and welcome to Let's Talk SoC, a podcast series brought to you by Secureworks, a leader in cybersecurity focused on empowering security and IT teams worldwide to better prevent, detect, and respond to cyber threats. I'm Professor Sally Eaves, your host. Today we're exploring all things cybersecurity, particularly related to manufacturing and to do so, I'm delighted to be joined now by Stacy. Welcome to the show, Stacy. I'd love it if you could introduce yourself and your role at Secureworks.

Stacy: Yes. Thank you Sally for having me. My name is Stacy Leidwinger and I'm the VP of Portfolio Marketing here at SecureWorks.

I work really close with our customers, our partners, to really identify the value that we're delivering as organizations try to prevent, detect, and respond to cyber threats. 

Sally: Fantastic. Thank you so much. Really helping people to defend their corner as we were talking about offline. I love that, and I think really drilling into this sector, I've actually been doing quite a lot of work around manufacturing and kind of the escalation of threats here.

So perhaps we could drill into that first, what are you seeing at Secureworks with your experience and your research around the types of cyber risk and cyber attack that's affecting this vertical the most? 

Stacy: I was reading an article from Gartner, it's the emerging tech radar report for manufacturing, and they called out that the number one threat where ransomware attacks are happening is in the manufacturing vertical.

Now, some might say, well, does it mean manufacturers are paying more for ransom? The answer is, no. And what our research tells us is threat actors are not targeting one vertical over another vertical, but they are attacking those that are most vulnerable. So when you think about manufacturing, they have gone through an extreme digital transformation over the last few years and they've been transforming within their IT and operational technology environment so fast that security hasn't kept up.

Which means they are more vulnerable than their other peers, which means the amount of attacks they're experiencing does look high when you play with the stats. 

Sally: Oh, Stacy. Honestly, great points there. I couldn't agree more strongly. I think for me, what's coming to the fore is that pace of change that race to digitalize, if we will.

And I think for manufacturing in particular, there are unique, say characteristics around that vertical. So we've got such convergence at such speed, you know, whether that's say smart warehousing or it could be the rise of 5G technology or video-based quality inspection, augmented maintenance, kinda the list goes on, doesn't it?

All of these different areas coming together, new opportunities, groundbreaking innovation, but also the potential for, say, intention action gaps and gaps across the infrastructure, particularly when we look at IT and OT convergence as well. So, very unique things around manufacturing. So it's great that you are really drilling into this today, I think.

What can, and kind of how are you helping manufacturers with some of these challenges? I was looking at some data from SME that came in recently and it was saying ransomware, phishing and supply chain, typically top three in terms of the threats affecting this vertical.

What are you seeing and how can manufacturers do more to kind of strengthen their posture to negate these threats? 

Stacy: I think, Sally, you really nailed it on, on two vectors, right? What I'm seeing is, one, as you talked about, manufacturing is rapidly innovating, having new technologies. You mentioned operational technology (OT), so now there really isn't a differentiation from physical devices or facilities.

Everything is now connected in a software digital fashion world, and threat actors know that and they see those vulnerabilities. So it used to be only in Hollywood movies that someone's pacemaker was attacked or there was a robot gone crazy on the, the actual supply chain. No, this is really happening and the technology is there.

The other spectrum that is happening though is manufacturing has not always been on the forefront of innovation. And I've said that to others that are leaders in manufacturing. So if you even go back a few years ago, most manufacturers required all roles to be inside the plant. It didn't matter if you were HR or accounting or marketing or sales, you were in the office. So when Covid did hit, they weren't ready for this movement to cloud. They weren't ready for remote work, so that also expedited them. Right now, manufacturers are really in this crossroads where they maybe had a 10-year plan to really go ahead and adopt some of these newer infrastructure cloud IT capabilities, plus bring in all these new technologies as you called out from smart warehousing, 5G, and threat actors know that.

So what can organizations do? I always break it down into three core areas. First, prevent what you can prevent. Know where your vulnerabilities are. Understand your attack surface. Know what you need. Patch and patch. Patch and patch some more in the context of your own organization. Make sure it's a real threat.

Make sure you're doing good things on the endpoint and network that you're preventing as much as you can. The next piece though comes into detection, and that's absolutely critical. You mentioned ransomware, Sally. Our Secureworks cyber threat unit sees that the average dwell time for a ransomware attack is four and a half days.

That means an organization only has four and a half days to realize they were breached where it is and fully remediate and remove that threat before there is impact. And so that detection's critical cuz we know we can't prevent everything. And then the final piece is the response, cuz again, you've gotta detect and respond in four and a half days.

So how can organizations understand repeatable playbooks, how they can automate some of these response actions? That's really critical. So it's understanding what your attack surface is today, and then preventing and detecting and responding to threats as quickly as you can. 

Sally: Absolutely. I think great points there, and I love the fact that you brought to the fore that convergence issue around IT and OT.

Again, as we said, you know, it's giving lots of opportunities, but it's also presenting cyber criminals with even more targets as well. So I love that kind of three step process you mentioned there. And also from the response point of view, I love the work that you do. Kind of really helping people who are on the operational side of this also filter through some of the noise and the data noise around this to actually get granular and to get to the right data.

You know, getting that to the right role at the right time. Kind of active intelligence, if you will, to get ahead of some of these threats as well. A lot of work obviously you do in that area, which is really, really impressive. Plus talent outreach, there are so many gaps, aren't there, in terms of supply and demand around cybersecurity, particularly around diversity and cybersecurity too, but also roles say around testing and architecture in areas like that.

We need to close those gaps too. So, you know, I was involved in, in the project you had at Secureworks around kind of encouraging different storytelling around cybersecurity as a career and kind of game development and getting more people involved. So I love that too. Cause I also think that's an important part of this piece, the collective, the power of the community to negate threats.

You know, like bad actors are doing frankly around coming together to, to create these issues. We need to do more, I think, as, as a community to, to negate them too. And I think you're right, the front line of that. So I wanted to mention that cause I think that's super, super important part of this too.

Stacy: I think that's the other thing for manufacturers is if you were gonna build out your team, especially cuz they're global, they need that 24 by 7. It's really challenging with the dynamics that are out there and the skills that are required. Luckily there are solutions out there to help with that.

There isn't an opportunity where they don't have to build their 24 by 7 SOC. And I think that's also where manufacturers are leaning. They're leaning, looking for partners that can help them do these things without having to build a full functioning team. Instead have their team really focused and using those specific skill sets to go after things like Zero Trust so they can empower the business that they can keep up with it and make sure that they are tracking everything that's coming in and they're building those new plans together.

And I think that's really critical and it feeds into that community atmosphere that you mentioned. 

Sally: Absolutely. I couldn't agree more strongly. Love the fact you focused on that too. I think that's, that's huge. And I think also you brought to the fore there around how kind of facilitation is such an important part of this piece.

It is around the technology protection. Absolutely. But it's more than that. It's around that culture and supporting and that shared responsibility about educational uplift. It's around the right kind of process. You know, the right change management, you know, things like CI/CD to make these changes more agile and incremental.

And again, that reduces risk rather than increases it. So many elements we can dive into there as well. That's kind of the big point I wanted to, to make there. You know, whether it's manufacturing, you know, as a vertical or size of organization, there is security support there for organizations of all sizes and all sectors too.

So, huge, huge point there. I think, and maybe we can look at like, the, the cost, like the consequences of when a successful breach does occur as well. Cause I think the narrative around this is huge. You know, I think sometimes we talk about the cost of security investment and really we should talk about the cost of insecurity.

What are you seeing as the biggest consequences when this does go wrong and there is a successful breach? 

Stacy: Absolutely, and I actually break it down what I'm hearing from customers in four areas. So the first area is definitely cost avoidance around ransomware.

So we had a manufacturing customer, they were global, and they said if they were hit by ransom, they expected at least a $2 million damage by the time they either paid the ransom or worked with their insurer. That was the cost of one attack. They said it was not unreasonable if they weren't doing things that they could have two or three attacks a year.

So think about the cost avoidance there. The second falls into the other types of cyber attacks you mentioned. They estimated that another type of attack, whether it be through phishing, maybe it was stealing of customer or or personnel data, it might have been fraudulent charges. People are sending fake bills cuz they're breaking into email systems.

They estimated those type of attacks could cost up to $50,000 a month. So imagine just one of those attack a month. There's another cost of avoidance around 1.8 million. So they break out cyber attacks in those two buckets and then estimate what could be the damage. 

The third area then is really protecting profits and so for manufacturers, it's all about keeping your production lines up. And so Sensei actually did a study and said the average cost of downtime for a manufacturer is 9,000 US dollars. So imagine if an organization is down even three days, the amount of profit that they are potentially losing because of cyber attacks.

Then the fourth area, and I think this one's really interesting cuz usually security's all about preventing damage and preventing any harm from your reputation. But what we're hearing from customers is they actually think improving their security posture in manufacturing helps them win more business. Manufacturers are part of a much larger supply chain, so when an organization is going out for RFP or RFI, they're doing significant security audits.

They wanna make sure they have SOC, they wanna make sure they have ISO compliance, they have SOC 2 verification. All of these things. And so our customers have told us by improving our posture, by explaining their overall security program, they've actually been able to win more business. And that's what's exciting.

I mean, I wanna keep organizations safe, but when I hear we're also helping them actually win business and improve their top line, not just save their bottom line, that to me is where there's goodness that's coming out from everything that we're doing. 

Sally: Oh, absolutely. It's like the embodiment of shared value business.

It really is. And I think there's an interesting correlation with sustainability there as well, cuz I'm seeing exactly the same thing. You know, organizations that embed security considerations by design, but equally sustainability ones as well. Both of those and, and it's other areas too, obviously, things around inclusion and diversity as well.

But just those two in particular, cuz there's an interesting correlation between the two. They are, you know, do this right? Is the biggest driver of competitive advantage by doing the right things, you know, and I think particularly when we look at things like the cost of living crisis, what we're seeing in the energy sector, again, new conversations really resonating around, you know, security and energy, security, resilience and sustainability as well.

So there's almost like a triangle that's swarming in this particular area that I've got something coming out on next week, funnily enough. But such a dynamic space, so much happening. And the other thing I would say in terms of potential consequences is the negation of trust as well. And it's probably the biggest currency of our time, isn't it, right now.

And we're seeing, you know, lots of research, lots of data, a bit like what you were saying there, Stacy, about how people are reacting to if you're investing in this or not. People are walking away from organizations where they're seeing that breach of trust. You know, whether it's around like a broken experience or whether it's around a broken like value alignment or because security risk, et cetera as well.

It is, people are walking away. It's changing not just expectations, it's changing behaviors as well around this too. So, Absolutely such a critical area to focus on, I think, and perhaps if we could turn that round a bit in terms of how we can help manufacturing companies in particular to better protect themselves, obviously from a tech standpoint, but some of the areas we've drilled into as well, you know, beyond that, around culture, process, and skills.

Stacy: Yes. So I mean, it really does come back to first understanding what your attack surface really is and taking a hard look at it. I'll use this example often where an organization said, yes, we have mostly multifactor authentication implemented. We're just trying to get some of our C-level executives to buy in.

And I went, what? That's who is being targeted, right? And so I think doing these security assessments to truly understand what is your attack surface, what is your overall posture and what is your posture relative to your peers? I hate to say it, but it's a little bit of the game of you don't have to have the best posture, you just have to have enough posture relative to your peers, that an attacker is like, this is too hard. I'm gonna go to somebody else. And so really understanding and how to benchmark that posture is absolutely critical, I think as the first step. Then the second step is I really do believe that organizations of all sizes need to have 24 by 7 monitoring for those threats that they can respond to quickly.

If you're not looking at that with only four and a half day dwell time, you're at risk. And so how are you ensuring that you know what to look at? And then that you have eyes so that you're really identifying those most critical things. And then the pace of that response is, yes, you need to plan for it, but also test it.

I've talked with organizations a lot where you need to not only test your defenses using things like penetration testing or purple and team testing, but also do workshops and exercises and test your executives. And in manufacturing, I think this is really important. There are, in some manufacturers, they've had the same executive team for decades now, and are they prepared should there be a cyber attack? So running some of those tabletop exercises and making sure that you have a customer communications plan, that you've got a partner communications plan, you're part of that supply chain. Plan for your worst day so you don't have your worst day possible.

So I really break it into those buckets. Understand your attack surface, understand your vulnerabilities. Make sure you've 24 by 7 detection and threat response so that you're ready when those threats come in. And then finally, test those defenses not only technology wise, but also as a workshop so that your entire team is ready.

So you talk about people, process, and technology, Sally. It really has to have that all coming together to ensure that your organization is safe. 

Sally: Absolutely. It's that holism is that, that holistic approach to dealing with this. It really is. I, I couldn't agree more strongly and I think you should get some t-shirts there about prepare for your worst day so you don't get to that.

I think that, I think that would really catch on. I think that's so, so that's really catchy there and I think it really kind of puts forward the, the key messaging here. It really does. Love your point there about practicing through things as well, that scenario aspect. I see that as a gap quite often, particularly around the comms piece and it's so, so critical in this area.

If everybody's kind of been through that process, it makes a huge difference. And also, as you were mentioning there about C-Suite too, seen an increasing number of, of kind of phishing attempts around social media accounts and things like that as well. So I've seen some really good work in organizations where you're getting an email and you think it's from X and, and it isn't, and are they actually reacting in the right way?

And, and, and doing the right checks and doing that in a non-blame way as well. You know, everyone needs to learn through that experience and not feel afraid to learn through that practice. So again, the cultural aspects around that, the empowerment around security is huge too. And also just everything you were saying there as well.

Where the trends are going too, particularly from a technology standpoint around Edge. For example, I was reading some research from AT&T looking at manufacturing, and they were saying it's nearly 80%, I think it was 78 of the people interviewed were saying they're globally looking at partially implementing or fully implementing around Edge use cases in a very short time scale. So we are going in this direction. All this convergence we've been talking about, you know, the, the scale and the scope and the sophistication of threats. We can see more opportunities, but equally more gaps that could potentially present themselves. So I think everything we're talking about here is so vital to look at this, you know, right here and right now, and maybe bringing this to a close.

Perhaps we can look a little bit more from a SecureWorks standpoint, what you are doing specifically to help facilitate manufacturers with dealing with all of the above. It'd be great to drill into that a little bit more. I was just speaking with your colleague, George, actually around MDR and XDR as an example of that.

And I'd love to kind of drill into the support you are giving to navigate these threats and particularly around the convergence aspect.

Stacy: We have five of the top 20 manufacturers as our customers. And I would say manufacturing is one of the significant verticals where we truly are helping organizations.

So here at SecureWorks, we do offer a managed detection and response (MDR) solution, where we offer that 24 by 7 threat prevention, detection, and response capabilities, which means that organizations that have a small department can leverage our internal SOC, and we have a platform called Taegis, where we are ingesting all of the different telemetry we talked about today from endpoint, network, cloud, OT, identity, email, business applications. We pull that all into a single application and then apply a lot of our own intelligence as well as machine learning to detect where the real threats are. The challenge is, if you don't have enough people and you're looking at those in silos, you're missing the threats.

So we're taking all of the learnings from thousands of incident response engagements and testing we have done over the years. We have monitoring of 175 different threat groups, and we're bringing that intelligence in. And we also process over 600 billion security events a day. So we take all of those learnings and put into a platform to help our customers really identify what the real threats are.

And then we've built proactive response actions for them. What our customers tell us is they love the fact that we have them no matter what we're watching. We are detecting those threats, we're responding and they can be as involved as they want, meaning they're in the software, they have direct access to our SOC in under 90 seconds they can talk to an analyst and actually have that upskill and help.

Or they can be as hands off and say, only call me when there's an issue and I'm happy to jump on that issue. And I think it's that flexibility and it's also the ability, you know, one of the manufacturers I worked with told me, Stacy, I used SecureWorks cuz I couldn't get that scale if I built it internally and you've basically future proofed my organization. I can change the different telemetry sources. I can change what we're using from an IT and OT perspective, but I know that you're gonna pull in that data and you're gonna look at it. That's what makes me feel good at the end of the day. And we've got numerous case studies, if you go to our website at secureworks.com that speaks to how we're doing that and the value that we're providing for manufacturers.

Sally: I love that. And I think those case examples, they really do speak for themselves. And again, it helps many people. When you see other organizations that have already been through this process or on steps along the way, sharing about matters and that kind of knowledge repository you were describing there as well.

Absolutely critical. And it is the way forward, isn't it? And I think just with manufacturing specifically, it's just such an interesting dynamic sector. I think there's so many interdependencies, around different devices, but also their necessity of protection and also some of the associated software involved in this too. At the end of the day, a single line goes down or device goes down in a warehouse, the entire production line can go down. It's that critical. So I think it just brings to the bear why focusing on this area matters so much. And also the connections with other verticals as well.

It's a fascinating space. As a final thought, I think we've spoken about this before about improving diversity within security sector as well, and I think this is a great example of that, isn't it? I mean, how much dynamism have we spoken about today in terms of the change that's happening?

What a great place to be to get involved and, and being with the good guys and negating some of those threats. 

Stacy: It is. Secureworks' overall purpose is to secure human progress and really beat our adversaries at scale. And I literally wake up every day and feel so honored to be part of such a larger mission.

I've been in IT and security for a number of years now. I love it and breathe it, but to be part of that mission and wake up every day knowing that we're helping organizations, whether it's manufacturers keeping their supply chain up, or in healthcare organizations delivering patient care. To me, that's what's exciting.

And I think having that holistic, larger mission also allows you to really recruit that diverse talent that you're talking about, right? Making sure that you have different viewpoints, making sure that we have a better understanding of the world that we're looking to improve, and the one that we're looking to defend.

Sally: Couldn't agree more strongly. I'd love to share more about this another time as well. Because again, I think the visibility of role models in tech from the most diverse background possible, including neurodiversity for example, which is something I'm working on at the moment. Absolutely vital. You know, we need to see people that look, feel, speak, relate to us, you know, wherever we may be.

And again, the work you are doing this area really matters too. It takes all of us, doesn't it, coming together to negate these threats. Fascinating conversation, Stacy, and great to see the work you're doing at SecureWorks to help negate this threat. And also just as part of that wider community coming together, sharing knowledge, and attracting more people into the industry too, it's absolutely critical. So, thank you for your time.

Stacy: Thank you, Sally. 

Sally: Thank you all for watching and listening and joining us on Let's Talk SoC.

Let's Talk SoC is a podcast series brought to you by Secureworks, a leader in cybersecurity, helping organizations reduce their risk, maximize their existing security investments, and fill their talent gaps with their cloud-native security analytics platform Taegis. They offer MDR and XDR solutions, better threat prevention, detection, and response. To learn more, visit secureworks.com.