One of the many realizations through recent global crisis is that manufacturing is a critical national infrastructure. When disruption happens to manufacturing operations, the ripple effect is immense. As the industry invests in automation and other advanced technologies to better serve their customers and partners, unfortunately they also increase their value to bad actors. Investments should also include a strategy to combat the biggest cybersecurity risks to manufacturers.
Cybersecurity Breaches: Though traditionally you may not store much personal or sensitive information, the adoption of IoT has increased vulnerability. IoT devices widen the attack surface and give bad actors more access to cause mischief as they focus on disrupting operations or stealing intellectual property. A cybersecurity breach can lead to extensive material damage, significant downtime, and remediation costs.
Industrial Espionage: Intellectual property can include trade secrets, customer or partner data, manufacturing processes, and proposals. Bad actors target this information to sell to unscrupulous competitors who can bypass their own research and development, improve their own internal process, or launch similar products at competitive prices. Industrial espionage threats can also come from within the company, current or former employees with unnecessary systems access or disgruntled intentions.
Phishing: Though not exclusive to manufacturers, phishing attacks are a leading entry point for bad actors. A phishing attack is when a malicious actor tricks an internal representative into opening an authentic-looking email and providing login or access credentials. The attacker can use those credentials to enter your network or control management systems and cause havoc and/or can sell those credentials to other bad actors on the dark web. Spear-phishing is also common. This is when a particular individual is targeted with customized attack attempt. It may look like the CFO or accounting rep receiving an email about an invoice or payment that may appear to come from someone higher in the company, asking them to pay with a link to an unauthorized third party.
Malware: Attackers can sabotage your capability or even worse, spread their attack to your customers and partners, by embedding malware into systems or supply chains.
Ransomware: Manufacturers paid 62% of total ransomware payments made to cybercriminals in 2019, making them the largest industry targeted by bad actors because they are more inclined to pay. Attackers maliciously encrypt manufacturers files and data and demand a ransom to decrypt, not always doing so even when ransom is paid. This is a critical attack on manufacturers who can be denied access to their operational data or automated process for a week or more. Even if you quickly regain control over your data and files, ripple effects can take weeks to months to fully recover from.
A cyber attack can cause major damage to capabilities and disruption to production. The level of disruption and losses could mortally wound a smaller company. NOT investing in cybersecurity can be a lot more costly than making smart investments. Manufacturers should focus on maturing their cybersecurity stack and investing in solutions to cover employee awareness training, software, and hardware. Creating layers of security with vigilant employees, multi-factor authentication to protect credentials, monitoring to alert to system intrusions or abnormalities, updated firewalls and antivirus, and backup and recovery plans will help the industry improve it’s cybersecurity posture.