Manufacturing companies were far down the list of the most targeted sectors for cyberattacks as recently as 2018, but this changed rapidly. By 2019 manufacturing had moved up to the eighth most targeted sector and in 2021 it moved into second place (behind finance). It is clear that, unlike other industries, the manufacturing sector is learning cybersecurity the hard way!
While hackers may lock down your system, halt production, and demand a ransom, it can get worse. They also can compromise a company’s intellectual property, patents, and financial information. Worse still, they might breach a system and do nothing at all. That’s because bad actors know that there’s always a bigger fish to fry at the end of the supply chain. A defenseless supplier can provide relatively easy access to a more valuable target company.
Vulnerabilities and Risks
The challenges faced by the manufacturing sector are unique compared to other industries. Every manufacturing company is heavily dependent on a vast network of partners, vendors, suppliers, investors, third-party logistics companies, and distributors or buyers. A big network with many connections represents a big number of vulnerabilities. The dependencies among the members of the network are vulnerable pathways. The small companies—like metal fabricators—often have little visibility.
A vendor, supplier, or distributor that has been infected by malware can unknowingly compromise another company up the supply chain simply by sending an invoice, a schematic, or a specification. Any attachment sent can lead to a breach, and if credentials are stolen, hackers can even pose as you or as someone you trust. The SolarWinds attack and JBS ransomware attack are examples of the devastating results.
You are no longer responsible only for your own cybersecurity but also the cybersecurity of your clients. The liability and reputational damage caused by a breach have the potential to ruin a small company.
Common Attack Vectors
Cybercriminals can use any of several pathways to gain access to network:
- Cybercriminals impersonate a target’s vendor using the vendor’s credentials and demand a ransom from the target.
- A cybercriminal may infect a supplier with dormant ransomware that does not activate until it reaches its intended target. The ransomware has a setting that keeps it dormant and essentially undetectable until it reaches the target. Colonial Pipeline was crippled by this sort of attack.
- Vendors use several Industrial IoT devices that have default passwords that can be compromised. If such a device—or any electronic equipment that has been compromised—is shipped to a recipient and installed, it can lead to infection of an entire business.
- Most of the OEM security updates are pushed through the vendor networks via over-the-air communications. Hence, vendors usually have administrative privileges to install these updates. A cybercriminal can either exploit this opportunity to push a malicious code into victim’s system along with the actual update or orchestrate a completely fake update and push it out to millions of such devices at once. This last method was used in the infamous Kaseya ransomware attack that occurred during last year’s Thanksgiving weekend.
Prepare, Prevent, Respond
It is about time for manufacturing organizations to realize that cybersecurity is a specialist’s job. The IT team, regular IT vendor, or managed services provider usually don’t have the specialized background needed to detect, prevent, and combat cyber threats.
Specially trained cybersecurity teams or managed security services providers both own and are trained to use tools such as managed detection and response, user behavior analytics, and process behavior analytics. These tools are dedicated to tracking machine behavior to detect irregularities in networks, devices, and communications. For example, unauthorized access to memory racks and data being copied or transferred is noticed and flagged. If this behavior continues beyond predetermined limits, such tools can cut off these actions.
Manufacturers also must craft a thorough incident response plan and appoint a team to implement the plan. Research shows that organizations with well-thought-out plans and trained teams bounce back to normal more easily and endure less damage.
Some manufacturers may opt for cyber insurance, thinking that will be a solution on its own. However, this doesn’t alleviate a manufacturer of responsibility. Insurers often conduct comprehensive audits to evaluate their potential clients’ risk management practices and exposures, and the audits are becoming increasingly stringent. Manufacturers that are better prepared before an audit tend to get policies with lower premiums and deductibles.
About the Author
As an Associate Director at Alliant Cybersecurity, Trey Stokes educates business executives to help them better understand and minimize risk in the rapidly evolving information age.
Before working with Alliant Cybersecurity, Stokes worked at AT&T for 4 years in Mid-Market account management helping sub fortune 500 businesses design data, cloud, and telephone networks. A large focus of his job was to build these networks to be secure and reliable.
Before working with AT&T, Stokes received a Masters in Marketing from the University of Alabama’s Manderson School of Business. He also received a bachelor’s degree in psychology during his time at The Capstone.