Manufacturing organizations traditionally fall into two categories: extremely large and multi-national or small and focusing on a niche product. In this case study, we are looking at the traditionally under-supported one, the small and niche organization.
A small manufacturing organization CEO engaged FalconOps to perform a penetration test against their extremely small external footprint. He had been increasingly concerned with being hacked due to the many news stories about small companies getting held for ransom.
We love when our clients express what concerns them - in fact, it is one of the pre-assessment questions we ask.Through our partnership, our goal is to put our client's minds at ease by ensuring they gain the greatest possible benefit from our engagement.
I've been increasingly worried about getting hacked
Our team started the assessment on the minimal attack surface that they had exposed, but it rapidly became evident that our assessment would not be a quick one.
Our team identified a custom written portal for employees to log into while not at the manufacturing plant. During the manual portion of our testing, we identified a trivial to exploit authentication bug that allowed us to become an admin of the portal. We could see ALL user accounts, client, billing, manufacturing processes, POs, etc. We immediately called the point of contact so that they could take proper steps to secure the platform, before we finished our report.
Below are our suggestions for manufacturing organizations to drastically reduce the likelihood of a successful cyber attack.
While there are plenty of other suggestions, we believe these will give you the biggest "bang-for-your-buck"
Our team is composed of former NSA analysts and operators. We have the know-how and will ensure the best price compared to other comparable organizations. Why? Because we care about traditionally under-supported organizations more than our bottom dollar.