Cyber threats are an all too common danger for companies in all critical infrastructure sectors. Historically, the threat of cyber-attack was thought to be largest against financial institutions, retail chains, and the medical sector. However, as manufacturing has become more reliant on data and technology, the threat of cyber-attacks on the industry has grown. This especially true for critical manfacturing, like aviation and the defense industrial base (DIB), but true for any manfacturing. This means that all companies operating in the manufacturing sector should be aware of the cyber threats they face, such as ransomware, spyware, and adware, and should know how best to combat them. What follows are the most common threats facing manufacturers today.
Phishing attacks involve tricking the recipient of an email or text into opening a link, providing hackers with an entry point into a secure network. These messages will appear to have been sent from within the company itself or from a trusted partner organization. The messages will often be meticulously created, using the correct terminology and imagery to appear official.
Phishing remains one of the most prevalent cybersecurity threats, as it accounted for 85 percent of the threats to manufacturing businesses. Once a hacker has gained access to the secure network, they can move unnoticed, acquiring the information needed to complete the attack. This information will either be ransomed back to the organization or sold on the dark web.
Manufacturing companies are often more vulnerable to phishing attacks due to a long supply chain that comprises many disparate organizations, providing more points of entry for hackers.
- IP Theft
A manufacturer’s intellectual property (IP) is what differentiates it from its competitors. This information is, therefore, one of the most valuable assets of a manufacturer, and its theft can have disastrous results. IP theft is reported as one of the most costly cyber threats. IP theft can be carried out by outside parties looking to steal trade secrets or other sensitive information, but it can also be carried out by employees or other insiders looking to make some quick cash by selling the information.
Hackers can gain access to the network through phishing or other nefarious means and then plant malware that can allow them to obtain sensitive information without being noticed. IP theft can have disastrous consequences for a manufacturing business. It can allow competitors to get a jump on developing new technologies, allowing them to compete for sales without first investing in the necessary research and development.
Instances of IP theft can also be incredibly difficult to prove. Every effort should therefore be made to prevent IP theft before it occurs, from identifying vulnerable assets and taking steps to protect them to training employees to watch out for potential threats.
- Data Spillages
Data spillages can affect companies in any industry, including manufacturing. However, the risks presented for the manufacturing industry may be different to those associated with retail data solutions, for example. Data spillages occur when sensitive data is accidentally released. This could be through the sending of an email to the wrong recipient or through storage devices being lost or stolen.
The type of data a company stores can vary and can include everything from customer details to confidential plans or blueprints. If your company procedure is to record cell phone calls for compliance or quality assurance reasons, then even audio data could be at risk. To limit the occurrence of data spillages, staff should be trained on best practices regarding data security. It’s also a good idea to employ data loss prevention software.
The manufacturing sector is at increasing threat of ransomware attacks, with 13.9 percent of incidents in North America in the last year being on manufacturing companies. Ransomware functions by encrypting the files on a network, making them unusable. Hackers can then demand a ransom in exchange for the decryption key, which will make the files usable again.
These attacks are so effective against the manufacturing industry because of the time constraints involved. Time is money, and manufacturers will often opt to pay a ransom, as the amount paid out to hackers could end up being less than the losses accrued from the delay in manufacturing.
The manufacturing industry is particularly susceptible to ransomware because of the abundant usage of computer-aided design (CAD). Access to these files is required for manufacturing to proceed, so making them unusable can be crippling to a company.
- Supply Chain Attacks
Supply chain attacks occur when attackers target a company’s business partners or suppliers. This can be done through phishing or otherwise compromising the networks of these third parties. Once an attacker has gained access to the network, they can then attack the manufacturer to steal data, plant malware, or simply disrupt the supply chain enough to halt production.
The manufacturing industry is so susceptible to these types of attacks because of the number of vulnerable endpoints present across a wide number of interconnected suppliers. This gives hackers multiple ways to access a network and ultimately attack the manufacturer.
On top of this, because each step in the supply chain is often reliant on other companies in the chain, an attack on one supplier can quickly cripple many other companies, too. To prevent serious attacks on supply chains, manufacturers need to carry out extensive risk management and activity monitoring on all their suppliers.
- Nation-State Attacks
Cyber threats to manufacturing companies aren’t always carried out by competitors or independent actors. Attacks can be carried out by the governments of other nations or threat actors employed by the governments of other nations. These attacks will often be extremely sophisticated and can have incredibly serious effects.
These attacks can be economically motivated and be used to try and destabilize the economies of foreign powers. They could also be militaristic in nature, with foreign governments attempting to strengthen their own military strategies while weakening their rivals’ strategies.
When trying to accomplish either of these goals, manufacturers make for attractive targets, with 17.7 percent of nation-state attacks in 2020 occurring in the manufacturing sector. Nation-state threat actors are often incredibly well-funded and are, therefore, equipped with sophisticated tools. They’re also highly trained. This makes these kinds of attacks particularly difficult to detect and prevent.
Cyber warfare attacks carried out by nation-state actors have the potential to shut down key infrastructures, such as energy and transportation. They can also disrupt military contractors and, in extreme cases, the operations of entire governments.
- Equipment Sabotage
As businesses embrace new technologies, like IVR phone systems, new threats must be identified and new risks eliminated. It’s not only information technology (IT) that’s at threat of cyber-attacks. Operational technology (OT) can also be vulnerable.
Equipment sabotage occurs when attackers damage the equipment needed for manufacturing, leading to the disruption of operations. These kinds of attacks are made possible as operational technology has increasingly become connected to modern communication systems. These machines have often only recently become linked to network infrastructures and so may be operated without the necessary security measures to protect them from threats. This can mark them as weak points in the network.
It’s possible for hackers to use these machines as entry points into a secure network, but it’s also possible for them to disrupt operations by simply shutting them down or irreparably damaging them. The destructive potential of equipment sabotage cannot be overstated, so companies should make every effort to ensure that potential vulnerabilities in machinery are addressed quickly and effectively.
- Telecommuting Risks
The advent of telecommuting and better software system integration has allowed many employees to work from home, allowing manufacturers to benefit from global workforces and providing greater flexibility for many employees. The number of employees working remotely has increased steadily in the past couple of decades, with a sharp increase during the latter half of 2019.
However, this arrangement can also have negative implications for cyber security. Employees will often utilize personal devices when working remotely, which can lead to challenges when trying to create a secure network.
These devices, if not secured to the same standard as the rest of the network, can produce vulnerabilities that can be exploited by hackers. A breach through one of these devices, through phishing, malware, or other means, can provide access to a wide range of sensitive information.
To protect against the risks arising from telecommuting, companies should ensure that all devices are vetted before use and that device management and activity monitoring practices are undertaken.
Remote employees should also be well trained in security awareness, and best practices should be implemented to ensure that high levels of care are taken at all times. If you use services such as eVoice as a business phone provider, you could consider more secure options as an eVoice alternative.
Manufacturers are at increasing risk from cyber threats as the industry increasingly relies on interconnected systems and stores more and more data. Steps must be taken to ensure that companies minimize the risk and impacts of cyber-attacks. Great care should be taken to avoid data spillages, and employees should be properly trained in security protocols and better communication practices to reduce the chances of successful phishing and ransomware attacks. Take precautions, remain vigilant, and remember that manufacturers are just as much at risk of cyber-attacks as any other industry.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings