Cyber Crime and Manufacturing

Word on the streets is that manufacturing companies can’t afford complacency about cyber crime attacks. They’ve got to step up their security, and keep the risk front-and-center in their digital landscape.

Cyber attacks on financial institutions have been highly visible for a long time. These businesses are obviously a top target, plus security breaches on financial institutions are highly newsworthy, because the entire news audience may be potential victims—think high-profile breaches like that of Target in 2013, which affected tens of millions of their customers.

As I said a few weeks ago, one possible cause is that manufacturers often put fewer resources into information security, making them a popular target for cyber criminals.

Why Manufacturing Is Vulnerable to Cyber Attacks

A recent article on Thomasnet.com, Cybercriminals Shifting Focus Away from Financial Sector to Target Manufacturers, offers a few other reasons.

• Primary targets such as banks and tech companies’ increased investment in security mean manufacturing and other sectors are now considered easier targets and “low-hanging fruit.”
• Manufacturing companies becoming collateral damage when they are unintentionally caught up in ransomware attacks such as Wannacry and NotPetya.
• Increasing use of IoT (Internet of Things) devices that often have poor security (such as default passwords) and can provide a foot in the door for cybercriminals.
• Manufacturing companies warehousing data that is of interest to cybercriminals.
• Lack of cybersecurity safety awareness and adequate staff training.
• Vulnerabilities throughout the supply chain wherever suppliers have remote access to systems.

The article also offers steps to take to improve security:

• Have a data plan that identifies critical areas vulnerable to cyber attacks and puts appropriate security measures in place.
• Map your attack surface across all manufacturing plants and down the supply chain.
• Ensure all operational technology, products, and services integrated into manufacturing processes have an acceptable level of security.
• Investigate the security compliance of acquired companies before incorporating their systems into your network.
• Prioritize the updating and patching of outdated operating systems, even if this means expensive downtime for your manufacturing operation.
• Utilize a managed security service to monitor and defend your networks.

Manufacturing Victims of Cyber Attacks: Case Studies

Are you curious about what kinds of cyber attacks manufacturing has experienced? Me too.

An article from Deloitte titled Global Cyber Executive Briefing outlined three cases.

In case #1, hackers gained access to sensitive systems and data at a global automotive manufacturer. Malware gave them access to employee log-in credentials, and they targeted intellectual property related to automotive technology.

In case #2, a worm seized control of industrial plants at a multinational engineering and electronics firm. The attackers got control of networks used to monitor and control critical industrial systems. They used infected removable media such as USB devices.

In case #3, an executive stole intellectual property from a competitor. The executive used old login credentials from a previous employer to gain access to privileged information and steal ideas.

There is simply no question that manufacturers have to step up their game in cyber security. We are reaping benefits of automation and connectivity and the IoT. However, every high-tech advance leads to another crack in our security, and we can’t afford to ignore these risks.