How IoT Opens the Door for Insider Attacks Against Industrial Infrastructure

For manufacturers, improving security often means building better defenses against malware, botnets and other external threats. What may be further from their minds, however, are the threats that come from within the organization. 

Although they often fall under the radar, insider threats can be just as damaging as external cyberattacks: a 2018 Ponemon Institute Cost of Insider Threats report (PDF) found that the average annual cost of insider breaches is now upwards of $8.75 million.

It’s a lesson that some industrial organizations have already learned the hard way. Last year, car manufacturer Tesla fell victim to a damaging insider attack when an employee sabotaged the company’s operations systems by making direct changes to the Manufacturing Operating System’s (MOS) source code.

And it’s not just manufacturing that’s at risk. Last year, the Bureau of Reclamation, a division of the Department of the Interior, released a report (PDF) showing that the industrial control systems of two U.S. dams were “at high risk from insider threats.”

While malicious insiders undoubtedly pose a threat to IT infrastructure, operational technology (OT) and internet of things (IoT) systems are comparatively more fragile simply because they lack IT’s basic security defenses. There is also more at stake — while insider attacks on IT often result in data theft and financial losses, an insider breach targeting OT and IoT systems has the potential to shut down electrical grids, contaminate water supplies and otherwise destroy a nation’s infrastructure.

An Open Door for Insider Attacks

Despite the very real and growing insider threat, OT and IoT security is woefully inadequate at best, non-existent at worst. Electronics and sensors that control industrial infrastructure are often decades old, created long before security technologies were even a consideration. Since these systems are designed to operate with productivity — not security — in mind, manufacturers have been slow to make necessary updates to accommodate an evolving insider threat landscape.

Blind spots around insider threats can also be traced to a general lack of awareness. Part of that is cultural — manufacturing organizations don’t want employees to feel like they’re being watched. Additionally, most manufacturers simply lack tools that give them visibility into the entirety of their environment. While they’re starting to become more aware that security should be a priority, they’re often focused on other goals.

As a result, they miss glaring yet easily fixable vulnerabilities, such as passwords stored in easily accessible files or permissions granted to unauthorized users. These oversights leave OT and IoT systems vulnerable to miscreants who have insider knowledge of an organization’s weaknesses along with unrestrained access to critical systems.

Bolstering Insider Defenses

The most effective solution for defending against insider threats is also one of the simplest: carefully monitoring all activity in the IoT environment. For manufacturers, it’s easier said than done. Many manufacturers are worried about the threats that enter the network but are not as concerned with what goes out. But improving general monitoring, particularly around exfiltration, and auditing unintended changes can go a long way toward detecting when sensitive information is leaving the organization and preventing it.

That elevated monitoring should also extend to employees who enter the network through the VPN or remote access — and include alerts that raise a red flag to security teams if users are logging in from somewhere that might be suspicious. Organizations can also be more judicious about employee access, such as thoroughly reviewing role-based policies and removing unnecessary administrator access to machines.
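The location-based alerting described above, as an added example that is not from the original article: Python detection logic that flags a successful VPN login from a country outside a user's history, or one that follows a login from a different country too quickly. The log format, thresholds and account names are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical "timestamp user country result" format.
SAMPLE_LOG = """\
2019-03-04T08:02:11 jdoe US success
2019-03-05T08:10:45 jdoe US success
2019-03-05T09:30:02 asmith DE success
2019-03-06T07:58:30 jdoe US success
2019-03-06T10:15:00 jdoe RO success
2019-03-07T09:28:40 asmith DE success
2019-03-07T23:50:12 asmith DE failure
2019-03-08T08:05:00 jdoe US success
"""

MIN_BASELINE = 3                 # successful logins needed before a user's history is trusted
MIN_TRAVEL = timedelta(hours=6)  # assumed minimum plausible time between two countries


def parse(line):
    ts, user, country, result = line.split()
    return datetime.fromisoformat(ts), user, country, result


def find_suspicious_logins(log_text):
    """Return (timestamp, user, country, reasons) for logins that deviate from a user's history."""
    seen = {}   # user -> countries of earlier, unflagged successful logins
    last = {}   # user -> (timestamp, country) of the previous unflagged login
    count = {}  # user -> number of unflagged successful logins
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, country, result = parse(line)
        if result != "success":
            continue
        reasons = []
        if count.get(user, 0) >= MIN_BASELINE and country not in seen[user]:
            reasons.append("new country")
        if user in last and last[user][1] != country and ts - last[user][0] < MIN_TRAVEL:
            reasons.append("implausible travel")
        if reasons:
            # Flagged logins stay out of the baseline until an analyst clears them.
            alerts.append((ts.isoformat(), user, country, ", ".join(reasons)))
            continue
        seen.setdefault(user, set()).add(country)
        count[user] = count.get(user, 0) + 1
        last[user] = (ts, country)
    return alerts
```

On the constructed sample, only the `jdoe` login from `RO` is flagged, for both reasons; the failed `asmith` attempt is ignored because the rule looks only at successful sessions.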

However, to truly facilitate a culture shift toward security, industrial organizations will need to implement comprehensive and consistent employee training that updates employees on company security policies while incorporating security best practices.

With the surplus of IoT and sensor data available today, more information, such as blueprints, intellectual property and sensitive customer data, will be targeted by competitors and nation states. And it’s not much of a stretch to assume that attackers will pull out all the stops, including using insiders, to gain an advantage. Industrial organizations will need to start preparing by first acknowledging the very real possibility of insider threats, and then finding new ways to protect assets from both malicious outsiders and threats from within.
