FedEx in the US, Germany’s national railways, the UK’s National Health Service, universities in China, utilities in Spain, ministries in Russia… The list of victims of the WannaCry ransomware attack goes on and on, and a lot of them have yet to recover.
What may have surprised many was that this ransomware – which encrypts your computer’s data and promises to release it only against payment – managed to cripple even large manufacturing facilities. In the UK, Nissan’s massive factory in Sunderland was brought to a standstill, while Renault had to halt production at several of its French production sites, including its Sandouville factory. No wonder that security experts have renewed their warnings that manufacturers must do more to secure their IT systems.
With production lines that run 24/7, however, that’s easier said than done. Who can afford to regularly close down machinery to install yet another security patch? One way out, say experts, could be a radical shift to a different way of doing your IT: ditching the traditional on-premise IT systems, and replacing them with more flexible cloud-based solutions.
But is cloud really the way to go? Yes, connectivity has much improved since companies, such as salesforce.com, began to offer Software-as-a-Service (SaaS), now more commonly known as cloud computing. And take-up is high. According to PwC’s Global State of Information Security Survey 2017, more than two-thirds of companies are already using cloud-based cybersecurity services. The researchers surveyed 10,000 IT professionals from around the world.
Indeed, according to PwC, cloud computing is now “foundational to the integration and management of the many moving parts of a threat-management program”. Using the cloud, companies can monitor and analyse all digital interactions and generate actionable intelligence in real time.
But in an age of WannaCry and a multitude of other cyber threats – whether they come from state-sponsored actors or so-called “script kiddies” (who can download for free a truly scary arsenal of hacking tools) – companies will have to think hard about whether an in-house approach is indeed the most effective way of dealing with threats like ransomware and industrial espionage through data theft.
Can you be certain that your own IT staff is both well-trained and alert enough to manage huge amounts of unstructured threat information? Have you hired highly-skilled cyber threat-intelligence analysts to review the data and take immediate action if necessary? What if that massive “distributed denial of service” attack overwhelming your IT system is just a distraction to keep your IT team busy, while the attackers engage in “spearphishing,” smuggling in some spyware that targets the people in your R&D department to extract secret blueprints?
“The recent attack actually highlights some of the major benefits of cloud deployment: modern hardware, automated updates and patching of software, automated backups and hardware redundancy,” says Vijay Michalik, an analyst at Frost & Sullivan.
"Machine learning and artificial intelligence"
At the moment, about 14 percent of IT workload resides in the cloud, says David Linthicum, a senior vice president at Cloud Technology Partners, and adds that manufacturers are more or less in line with that. Linthicum argues that the cloud is “typically more secure,” because “systems are maintained and updated consistently, thus the risk of having vulnerabilities drops significantly. Enterprises typically don’t update or maintain their systems as well as cloud providers.”
PwC’s report says that modern, advanced technologies together with cloud architectures “can help organizations more quickly identify and respond to threats, better understand customers and the business ecosystem, and ultimately reduce costs”. This can be achieved thanks to machine learning and artificial intelligence that can analyse huge volumes of data, correlate it with a global database of threat intelligence, identify threats in real time and prioritise responses based on impact to affected assets. In contrast, a large-scale manufacturer will approach the in-house IT systems more like plumbing, designed to make the data flow smoothly. Running a threat-aware AI on top of it will probably be beyond its core competencies.
"Cloud IT is more secure"
Cloud-based threat-management capabilities are evolving swiftly—and are changing the model of on-premise cybersecurity and privacy solutions. “We’re seeing rapid uptake of the cloud model because of its cost advantages, the compute and scalability that it provides—and the ability to rapidly and flexibly adjust computing capabilities,” Christopher O’Hara of PwC’s Cybersecurity and Privacy department states in the report. “We believe cloud-based cybersecurity will evolve to the point where you can realistically take any type of threat data and process it, normalize it and understand its impact to your business in real time. Today’s on-premise solutions simply can’t do that.”
And it doesn’t really matter if you are a big company or a small one – cloud IT is more secure for both, says Linthicum. “Small firms can’t afford a huge IT footprint; therefore cloud is typically where they go. Larger firms typically must migrate to the cloud, but the cost and agility benefits make it worthwhile.”
Michalik says that smaller enterprises benefit even more than big ones, though. “Cloud options remove the barriers to scalable IT infrastructure and remove the fixed capital requirements, allowing them to compete with larger corporations’ software solutions with more capital backing and existing scale,” he says.
However, PwC’s report highlights that currently few companies have an integrated cloud-based threat-intelligence and information-sharing platform – partly because not all component technologies are accessible to businesses. This is beginning to change, though.
“This year, we have figured out how to use technology to ingest massive amounts of unrelated information and find the relationships that make information understandable,” David Burg of PwC’s Cybersecurity and Privacy department says in the report.
"Critical security flaws"
Companies that want to shift their IT to the cloud have two tasks at hand. First, they need to find the right cloud service provider, and secondly, they need to educate their staff. “Follow the fundamental rules of security,” says Linthicum. “Understand what attack vectors are out there, what is currently a threat. Make sure that your [remaining] systems are updated consistently, focusing on security patches and fixes.” That applies not so much to Windows machines as to the type of industrial control software which fell victim to the notorious Stuxnet trojan attack (which was mainly designed to bring down Iran’s nuclear enrichment facilities but spread far and wide).
Among the major weaknesses that WannaCry exploited was the failure of many organisations to replace outdated and unsupported machines, or – just as bad – the failure of both users and IT departments to apply critical security patches which Microsoft released several months ago. “Patching critical security flaws is the most fundamental way to prevent cyberattacks,” says Michalik. For companies that have most of their IT systems in the cloud, it’s something they will have to think about less and less.