Manufacturing companies were far down the list of the most targeted sectors for cyberattacks as recently as 2018, but this changed rapidly. By 2019 manufacturing had moved up to the eighth most targeted sector and in 2021 it moved into second place (behind finance). It is clear that, unlike other industries, the manufacturing sector is learning cybersecurity the hard way!
While hackers may lock down your system, halt production, and demand a ransom, it can get worse. They also can compromise a company’s intellectual property, patents, and financial information. Worse still, they might breach a system and do nothing at all. That’s because bad actors know that there’s always a bigger fish to fry at the end of the supply chain. A defenseless supplier can provide relatively easy access to a more valuable target company.
Vulnerabilities and Risks
The challenges faced by the manufacturing sector are unique compared to other industries. Every manufacturing company is heavily dependent on a vast network of partners, vendors, suppliers, investors, third-party logistics companies, and distributors or buyers. A big network with many connections represents a big number of vulnerabilities. The dependencies among the members of the network are vulnerable pathways. The small companies—like metal fabricators—often have little visibility.
A vendor, supplier, or distributor that has been infected by malware can unknowingly compromise another company up the supply chain simply by sending an invoice, a schematic, or a specification. Any attachment sent can lead to a breach, and if credentials are stolen, hackers can even pose as you or as someone you trust. The SolarWinds attack and JBS ransomware attack are examples of the devastating results.
You are no longer responsible only for your own cybersecurity but also the cybersecurity of your clients. The liability and reputational damage caused by a breach have the potential to ruin a small company.
Common Attack Vectors
Artem Komarov reported that cybercriminals can use any of several pathways to gain access to a network:
- Cybercriminals impersonate a target’s vendor using the vendor’s credentials and demand a ransom from the target.
- A cybercriminal may infect a supplier with dormant ransomware that does not activate until it reaches its intended target. The ransomware has a setting that keeps it dormant and essentially undetectable until it reaches the target. Colonial Pipeline was crippled by this sort of attack.
- Vendors use several Industrial IoT devices that have default passwords that can be compromised. If such a device—or any electronic equipment that has been compromised—is shipped to a recipient and installed, it can lead to infection of an entire business.
- Most OEM security updates are pushed through vendor networks via over-the-air communications. Hence, vendors usually have administrative privileges to install these updates. A cybercriminal can exploit this either to push malicious code into a victim’s system along with the actual update or to orchestrate a completely fake update and push it out to millions of such devices at once. This last method was used in the infamous Kaseya ransomware attack that occurred during last year’s Thanksgiving weekend.
Prepare, Prevent, Respond
It is about time for manufacturing organizations to realize that cybersecurity is a specialist’s job. The IT team, regular IT vendor, or managed services provider usually doesn’t have the specialized background needed to detect, prevent, and combat cyber threats.
Specially trained cybersecurity teams or managed security services providers both own and are trained to use tools such as managed detection and response, user behavior analytics, and process behavior analytics. These tools are dedicated to tracking machine behavior to detect irregularities in networks, devices, and communications. For example, unauthorized access to memory racks and data being copied or transferred is noticed and flagged. If this behavior continues beyond predetermined limits, such tools can cut off these actions.
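The flag-then-cut-off behavior described above can be sketched as a sliding-window monitor on outbound data volume per host. This is an added example, not code from the article or from any product; the thresholds, host names, and event tuples are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed limits (hypothetical values; tune to the plant's own baseline).
WINDOW_SECONDS = 300          # look-back window per host
FLAG_BYTES = 50_000_000       # flag a host that sends more than this per window
BLOCK_AFTER_FLAGS = 3         # cut the host off after this many flags in a row

# Constructed sample events: (timestamp_seconds, host, bytes_sent_out)
SAMPLE_EVENTS = [
    (0,   "hmi-01",    2_000_000),
    (60,  "eng-ws-07", 30_000_000),
    (120, "eng-ws-07", 30_000_000),
    (180, "eng-ws-07", 30_000_000),
    (240, "eng-ws-07", 30_000_000),
    (300, "eng-ws-07", 30_000_000),
    (400, "hmi-01",    1_000_000),
]

def evaluate(events, window=WINDOW_SECONDS, flag_bytes=FLAG_BYTES,
             block_after=BLOCK_AFTER_FLAGS):
    """Return [(timestamp, host, action)] where action is 'flag' or 'block'."""
    recent = defaultdict(deque)   # host -> (timestamp, bytes) inside the window
    streak = defaultdict(int)     # host -> consecutive over-limit observations
    blocked = set()               # hosts already cut off
    actions = []
    for ts, host, nbytes in sorted(events):
        if host in blocked:
            continue              # traffic from a contained host is dropped
        q = recent[host]
        q.append((ts, nbytes))
        while q and q[0][0] <= ts - window:
            q.popleft()           # forget transfers older than the window
        if sum(b for _, b in q) > flag_bytes:
            streak[host] += 1
            if streak[host] >= block_after:
                blocked.add(host)
                actions.append((ts, host, "block"))
            else:
                actions.append((ts, host, "flag"))
        else:
            streak[host] = 0      # behavior returned to normal; reset escalation
    return actions

if __name__ == "__main__":
    for action in evaluate(SAMPLE_EVENTS):
        print(action)
```

A single burst that subsides only raises a flag; the host is cut off only when the over-limit behavior persists across consecutive observations.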
Manufacturers also must craft a thorough incident response plan and appoint a team to implement the plan. Research shows that organizations with well-thought-out plans and trained teams bounce back to normal more easily and endure less damage.
Cloud-based Software Can Protect You
Companies that had already made the switch to cloud-based email services (like Office 365 or Google Suite) found themselves completely protected against many of the recent cybersecurity threats. Why? The major cloud providers staff 24/7 network operations centers and keep their systems up to date. They are better positioned to detect and block phishing and malware campaigns spreading through email.
Cloud providers are responsible for backup and recovery when an incident occurs. As a bonus, you don’t need to make capital investments in servers. Cloud-based tools generally reduce some burden on your IT staff or eliminate the need for in-house IT resources. This is especially important in manufacturing, where many organizations don’t have dedicated IT staff; instead, IT responsibilities fall on the member of the operations staff with the most technical knowledge. It’s very hard for these busy jacks-of-all-trades to keep up with threats as they unfold in real time and be prepared to take quick action to patch and isolate vulnerable systems, Artem Komarov summarised.