Manufacturing companies face increasing risk from cyberattacks. As noted by IBM’s Security Intelligence blog, ransomware incidents rose more than 150 percent across the manufacturing sector from Q1 2019 to Q1 2020. Other recent survey data found that two-thirds of manufacturing firms believe their data breach risk has increased over the past two years.
There’s no single cause for this upward threat trajectory — the combination of always-on connected devices with growing cloud computing use and the increasing need for big data analysis in production planning and management all play a role in the evolution of manufacturing attacks.
Here’s a look at the underlying causes, possible impacts, and potential remedies for the top four manufacturing cybersecurity threats.
The Impact of Industry 4.0 on Manufacturing
Industry 4.0 changes the way manufacturing companies conduct day-to-day operations. From the use of always-connected sensors and devices that make up the industrial Internet of things (IIoT) to the integration of “smart devices” capable of proactively predicting maintenance needs, the digitization of Industry 4.0 represents a significant leap forward for manufacturing firms.
Unlike its operational predecessors — mechanization (1.0), mass production (2.0), automation (3.0), and globalization (3.5) — Industry 4.0 represents a substantive move into the world of always-on, always-connected devices. While this provides a wealth of data to help companies make better-informed manufacturing decisions, it also introduces significant risk. Frameworks such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA) solutions that were historically cut off from external Internet connections are now part of a larger integrated ecosystem. Often, this ecosystem lacks the security controls and oversight necessary to identify and eliminate risks.
What the Cloud Means for Manufacturing
Cloud computing also plays a significant role in the shift to Industry 4.0 as firms look for ways to connect disparate tools and systems across both local facilities and global operations. The result is significant spend by manufacturing firms on robust cloud services. Recent data suggests the cloud market for manufacturing will grow by more than 15 percent year-over-year for the next five years.
But increasing cloud adoption also comes with a concern: complexity. As more applications and services are added to existing IT infrastructure, it’s easy for teams to lose track of what’s been deployed, where, and why. Consider the addition of public cloud services to help bolster computing resources and the storage of big data. Traditionally, these functions reside on-site, making it easy for teams to monitor operations. But as functions shift into the cloud, IT staff must contend with multiple layers of network connection and communication. As a consequence, teams find it harder to see exactly what’s going on — which potentially exposes key data to cybersecurity risk.
The Top Four Cybersecurity Threats
For manufacturing firms, four cybersecurity threats are now common: Data exfiltration, ransomware, phishing, and insider attacks. Let’s break down each in more detail.
1. Data Exfiltration
Data exfiltration occurs when attackers compromise manufacturing networks and then steal data to share or sell. Exfiltration often starts with malware — malicious actors may use legitimate-seeming emails that convince users to click links or download attachments, which then deploy malware to infiltrate network-connected storage systems. Personnel, product, or financial data is then in the hands of hackers, who may sell it on the dark web or threaten its release unless companies agree to pay for its return.
Take the example of Titan Manufacturing and Distributing. The company’s network was compromised by data exfiltration malware for almost a year, during which time attackers stole the names, billing addresses, and payment card details of more than 1,800 customers.
Another major threat to manufacturers is ransomware. This threat vector sees attackers infecting systems with programs designed to encrypt critical manufacturing data, rendering it inaccessible for companies. Then, they demand payment for decryption keys and threaten to delete or sell the information if their demands aren’t met.
Ransomware was responsible for the 2019 attack on Norwegian aluminum company Norsk Hydro, which has manufacturing operations in more than 40 companies worldwide. While the company didn’t pay the ransom, removing malicious code and remediating the damage — combined with lost revenue — cost the company almost $75 million.
Phishing attacks happen when cybercriminals attempt to convince corporate users that they’re legitimate business contacts or members of the organization itself. In some cases, the intent of phishing attacks is to have users supply login credentials as part of a fake “reset” or “verification” process. In other situations, attackers attempt to compel specific — and costly — action. For example, attackers masquerading as C-suite executives may try to trick users into transferring funds into foreign bank accounts or request detailed HR data about specific employees. If staff can be convinced these emails are authentic, they often comply with requests immediately rather than double-checking because they don’t want to risk a management-level rebuke.
This was the case for aircraft parts manufacturer FACC. Attackers were able to convince multiple users that the CEO wanted money transferred into foreign accounts. The result was a loss of $61 million and civil prosecution of both the former CEO and chief financial officer for failing to detect and stop the fraud before it occurred.
4. Insider Attacks
Insider attacks may be the result of malicious action or accidental misuse of networks and data by employees. In either case, however, the results are the same: Manufacturing data is exposed, and corporate operations are put at risk. As noted by Industry Week, manufacturing firms now rank among the top five industries with the highest number of insider threats, and the average cost of an insider threat for a single manufacturing firm is more than $8.8 million.
Best Practices to Address Cybersecurity Concerns
To reduce the risk of manufacturing cybersecurity threats, firms need to follow three critical best practices.
As cloud and IIoT connections become more complex, it’s easy for teams to lose network visibility. This often creates a situation that sees companies acting based on what they think their network looks like rather than its actual structure. As a result, improved visibility is the first step on the road to enhanced cybersecurity.
Agility is also critical. With cyberattacks on the rise, it’s now a matter of when not if firms will be attacked. Consequently, organizations must be prepared to respond ASAP if threats or vulnerabilities are detected across their networks.
Increased Access Control
As the number of public-facing connections and services increases, companies need granular access control to ensure that the right people are accessing the right data at the right time. Additionally, they must have processes to flag potential malicious actors are flagged and refuse access.
Making the Most of Comprehensive Cybersecurity
Making the most of cybersecurity starts by recognizing the risk: Threats such as data exfiltration, ransomware, phishing, and insider attacks are now commonplace and costly.
Firms must also account for the increasing attack surfaces created by cloud-enabled Industry 4.0 deployments. From unintentional exposure to public-facing Internet connections to previously undiscovered vulnerabilities, the move to modern infrastructure comes with a commensurate threat increase.
What can organizations do to protect themselves? To mitigate the impact of evolving threats, companies need security solutions capable of delivering improved visibility, enhancing overall agility, and increasing access control. Only then can organizations fortify themselves against threats and protect their growth and profitability.