With increasing speed and consistency, data breaches and financial losses due to cybersecurity incidents are occurring across companies of all types – and small and medium-sized manufacturing companies are not exempt.
Manufacturing continues to be a top target of cybercriminals. As reported in the 2019 Verizon Breach Report, the industry experienced 536 incidents, 73 with confirmed data disclosure. In 2020, the industry reported 922 incidents, 381 with data disclosure. This is an increase of 66% in incidents and a 422% increase in the number of data disclosures year over year. These were only the “reported” incidents. The number is likely much higher.
Two things attract a cybercriminal to a specific type of company or industry:
- There are digital assets inside those companies or institutions that can be easily monetized or utilized for profit.
- The ease with which they can obtain those digital assets.
Manufacturers tend to check both boxes. From a digital asset perspective, intellectual property related to your manufactured products is highly valuable.
In 2016, a Midwest manufacturer that provides products to the oil and gas industry realized their engineering network had been breached after they lost out on a bid. The winning bid went to a Chinese manufacturer whose product was frighteningly like the Midwest manufacturer’s product. After a forensic audit of their network, the Midwest manufacturer determined their engineering data had been compromised from a Chinese IP address.
Secondly, how difficult is it to get the digital assets?
The cybercriminal community recognizes that many manufacturers, particularly small and medium-sized ones, have not taken the appropriate measures to properly protect their systems and data from attack. It is an industry that cybercriminals consider to be an easier target than banks or retailers.
Threats, Vulnerabilities and Emerging Issues for Manufacturers
There are several threats and vulnerabilities that manufacturers need to protect against. The most common today is the threat of malware and ransomware.
Malware is a piece of software code that may take several actions, including obtaining login credentials, copying and stealing files, or causing disruptions to operations. Ransomware is a single-purpose piece of malware that encrypts your files throughout your network, locking you out of being able to access your data or your systems. You’re forced to pay a ransom to obtain the decryption password (key).
The most common method to deliver malware and ransomware is through phishing emails. These are emails that try to take advantage of human weakness by convincing someone to click on a link or open an attached file to the email. That action unleashes the malicious code into your network.
Another emerging threat is the expansion of your network beyond the four walls of your facility(s). As more manufacturers and their customers become interconnected with each other, you not only need to worry about the security of your network, but also the security of your customer’s network, or perhaps the security of your suppliers’ network.
Additionally, manufacturing internal networks are expanding as much if not more than any other industry.
The advent of the Internet of Industrial Things (IoIT) has dramatically increased the risk profile as there are that many more entrance points into your network. Honda Motors, which experienced a global ransomware attack in 2020, found their internet-connected assembly lines disabled because of the ransomware attack.
Finally, the amount of data you are maintaining within your company has increased dramatically in the last 3-5 years. These new databases, data marts, data warehouses, etc. create additional targets for the bad guys and more technology you need to protect.
How Can Small and Medium-Sized Manufacturers Protect Themselves?
There are a few very simple and cost-effective “blocking and tackling” actions small and medium-sized manufacturers can take to better protect themselves from cyber-attack. These include:
- Make sure you're applying software patches as soon as possible.
- Enforce strong passwords. Do not allow easily guessed passwords on your network.
- Provide training and awareness to your employees. Make them aware of the threats of phishing emails and demonstrate what type of red flags they should look for in these emails.
- Reduce employee access to systems and remove administrative access from all employees and limit it to IT.
- Encrypt your workstations and servers and disable USB drives if possible.
- Implement and maintain a good data backup plan and test the restorability of your backups a few times a year. Store backups off-site.
- Patching Your Software — Most of the breaches that occur take advantage of known vulnerabilities in software you have on your network. Whenever you get software updates, those software updates are security updates. You need to beat the cybercriminals to those vulnerabilities that exist in your network and patch those vulnerabilities.
- Develop an incident response plan and practice it. If you’re breached, know what your first phone calls will be and what actions you can take to contain and eradicate the threat.
Blue & Co has a cybersecurity practice ready to help you assess your risks and recommend practical and pragmatic controls that will reduce your risk of a cyber-attack.