Cyber attacks targeting businesses, especially manufacturing and the supply chain, have become increasingly complex, and the stakes have never been higher. Hackers have started to move from selling stolen data towards holding data ransom, and manufacturers have become popular targets because they cannot afford to be shut down for extended periods. Bad actors use malware delivered through phishing attacks that take control and shut down manufacturing equipment unless they are paid a ransom. As connectivity continues to grow, the potential impacts may become broader and more significant. Yet many manufacturers are not prepared. Why are manufacturers now such a large target for cyber threat actors?
Threat actors are seeking to steal intelligence on any new product, process, or technology that a manufacturer creates, which can be anything from obtaining blueprints of confidential designs, secret formulas, or unique assembly processes. This information can then be used by adversaries to sell products at a lower price and cut both competitive advantages and margins.
The fact that these cybercriminals know that manufacturers hold valuable sensitive information, they are an increasingly attractive prospect for them because they know how exposed your IT systems are to infection. The threat actors are aware that manufacturers are concerned with securing their operations environment, which in turn means neglecting their IT security, often leaving networks unprotected. These criminals also know that a manufacturers’ supply chain is large and complex with vulnerabilities in abundance, therefore the ideal environment to attempt an attack that can rapidly propagate across networks and infect various suppliers and businesses easily.
It is evident then, that cybersecurity is not only a challenge for a manufacturer’s IT department, but for the operations and leadership teams too. Although many manufacturers are not able to demonstrate good enough cyber security practices, which is worrying considering that it is becoming a vital requirement written within contractual agreements for manufacturers to have effective cyber security processes in place for their customers.
It’s worth remembering that if production goes down even for the shortest time, the impact can be irreparable- with millions of dollars potentially lost. This, combined with the risk of reputation that a manufacturer could face in the event of an effective cyberattack or data breach means that in order to survive and thrive in an interconnected digital age, many manufacturers must adopt a highly proactive mindset and approach to cybersecurity.
Supply Chain Cyber Attacks
Manufacturers also need to be aware of the threats they face from vulnerabilities and weaknesses in their supply chain. Supply chain security is every company’s responsibility. Cybersecurity in the supply chain cannot be viewed as an IT problem only. The supply chain as a whole is only truly secure when all entities throughout the supply chain carry out effective, coordinated security measures to ensure the integrity of supply chain data, the safety of goods, and the security of the global economy. Some of the concerns include risks from:
- Compromised software or hardware purchased from suppliers
- Third party data storage or data aggregators
- Poor information security practices by lower-tier suppliers
- Software security vulnerabilities in supply chain management or supplier systems
Inadequate cybersecurity practices by lower-tier supplies introduce loss events and increasing risk to supply chain partners.
How Do These Criminals Carry Out These Attacks on Manufacturers?
The top three ways cybercriminals attempt to attack manufacturers are by phishing, ransomware, and internal breaches. As previously discussed, the supply chain is attractive to hackers because networks are highly interconnected and interwoven which has proven to be a double-edged sword. While it helps in production by improving efficiency, a successful breach can trigger a domino effect, reaching all the companies up and down the supply chain.
After gathering sufficient information on a target, criminals can reach out to other factory employees from the victim’s corporate email address. The most common example of this scheme is a supervisor seemingly reaching out to an employee to change payment details during a new account set up with a new supplier. Hackers are so advanced that they can learn stylistic points like tone and company shorthand, all with the end goal of making the request seem as normal as possible. If successful the payment is diverted to a different recipient and is irretrievable. Once the funds have been transferred, the hacker can delete evidence that the email was ever sent from the original account, so the victim would never know.
Ransomware is another common attack technique. The fact that manufacturers have an extremely low tolerance for downtime, its possible that it can be less costly for the business to pay the ransom and regain control quickly to continue operations. Confusion with regulatory compliance is also an advantage that the hackers know they have.
Lastly, internal breaches are the most difficult threat to guard against. Due to employees connecting to business networks from several – even potentially personal – devices instead of company-issued and vetted machines, hackers can gain a foothold. Manufacturers need the appropriate control permissions and keeping- and keeping them accurate to role changes – is essential, but often an underestimated protection.
What Can Manufacturers do to Protect Themselves?
The best way to start is by returning to security fundamentals such as:
- Restricting employee access to systems and siloing appropriately by role
- Segregate duties for highly sensitive systems across multiple employees
- Ensure that all employees who interact with a system are thoroughly trained
- Stay up-to-date with secure backups, this will minimize downtime in the event of a breach
- Have a strong recovery plan to mitigate losses and test it often
Manufacturers are advised to undergo thorough security testing and assessments to identify and quantify where their network is at risk. Here are a few things that can be done to help make sure your cyber plan is robust:
- Partnering with a cybersecurity specialist that can implement penetration testing, which subjects a manufacturers’ network to real world cyberattack scenarios in a safe environment, can be a useful first step to obtaining a thorough evaluation of the current organizational defenses, security policies and system architecture.
- Implement or enhance logging
- Multi- factor authentication (MFA)
- Manage user privileges on a regular basis
- Integrating endpoint security capabilities
- Applying patches to affected assets as soon as they become available
- Vigorous employee training (human error is the biggest cyber vulnerability)
Threat actors are constantly evolving, upskilling, and becoming better resourced, and manufacturers cannot ignore the threat that is out to sabotage their IT infrastructure at any cost. Protecting your manufacturing operation involves more than just insuring your Product Liability exposure, your cyber risks also need to be mitigated and that’s why partnering with the right advisors can make a drastic difference in the success of your business. At The Bunker, we focus on helping manufacturers manage their total cost of risk and we look forward to working with you! Give us a call at 954-239-7346, so we can help your business move from danger to a safe place