Cyber Risk Aware Blog

How Does the Security Threat Landscape Affect Manufacturing Companies in 2019

[fa icon="calendar"] 15-Jun-2019 10:11:06 / by Cyber Risk Aware

From the dawn of the industrial revolution to just a few years ago, the basic model of manufacturing businesses barely changed at its core. Now, the game is completely different in a world that is increasingly technology and automation dependent. The digital revolution has disrupted many industries and manufacturing is no different. There has been significant transformation across the entire manufacturing value chain, from research and development, supply chain, and factory operations to marketing and sales; leading to significant gains in efficiency and productivity.

At the same times, this digitalised manufacturing climate has created many new points of entry for cyber criminals. The main risk vector for efficiency leakages and production theft is no longer along the production line, but in the server room.  Manufacturing companies are becoming more susceptible to cyber-attacks and data breaches because:

  • They generate and store warehousing data that is of interest to cyber-criminals.
  • Unlike other industries, they have not beefed up their security measures making them low hanging fruits for threat agents.

Companies in this sector need to accept that they are now in the spotlight of cyber criminal activities and must begin to acknowledge the importance of having a robust cyber security strategy in place as well as pay attention to the security aspect of their operations. Because in this current climate, even if a company is not specifically targeted by cyber criminals it may very well be affected by attacks on others, as cyber ‘collateral damage.’

 

Security Threats of Phishing, Malware and Ransomware

The cyber security threat landscape is constantly evolving with new threats emerging every other day. Some of these threats like phishing has withstood the test of time. Via phishing, threat agents  masquerade as  trustworthy people or businesses and attempt to steal sensitive financial or personal information through fraudulent email. Phishing attacks are some of the most successful methods for cyber criminals and this explains why it is still a very popular tactic with the recent 2019 state of cyber security report by ISACA citing (for the 3rd year in a row) phishing as the most prevalent type of attack encountered by most companies. This is also reaffirmed by the 2019 Verizon Data Breach Investigations Report where it was also stated that users are more susceptible to phishing attacks they receive on mobile devices.

Phishing is particularly bad news for manufacturing companies because if successful, cyber criminals can  gain access to sensitive data or release malicious software (malware)  in to the company's network system.  These malware like crypto-currency mining malware are also another huge security threat that manufacturing companies should stay mindful of mainly because they can lead to the destruction of materials and equipment resulting in huge financial losses. 

Another security threat that has become a big problem for manufacturers is ransomware because hackers in their attempt to extract money from companies go from encrypting files to fully paralysing computers across a company's network system. 2 months ago, Aebi Schmidt, a European manufacturing giant was hit by a ransomware attack that shut down and paralysed systems across the company’s international network, including its U.S. subsidiaries. Following the attack, systems necessary for manufacturing operations were inaccessible.

From the above incident, it is easy to see how ransomware results in a crippling disruption of business activities and companies that fall victim risk reductions in productivity and profitability, as well as a loss of reputation and, in some cases, a loss of clients. Another problem ransomware poses is that it can be almost impossible to know what the malware is targeting and what damage it is doing, if a ransomware attacks and infects a company's systems and its network suffer from a lack of visibility.  Furthermore, In some cases, getting rid of ransomware without paying the requested ransom is practically impossible, which results in the company losing all data stored on its servers. Even when a ransom is paid, there is often no guarantee that the promised decryptor key will be delivered, or that it will even work.

 

Industrial Espionage and Intellectual Property Theft

Before now, manufacturing companies were not particularly known for storing sensitive information, but over the years that has changed tremendously. Cyber-crimes on manufacturing companies are often designed to either steal intellectual property (IP) or carried out for the purpose of Industrial espionage. Gaining access to manufacturing secrets gives hackers plenty of possibilities, including selling them to the competition or asking for ransom.

Technical capacity used to vary widely among manufacturing companies, but nowadays there is a measure of technological parity.  As a result, for many companies, Intellectual Property is a key asset and in most cases much more valuable than any physical asset.  According to KMPG, if for example, competitors or suppliers of a company are able to obtain operational information from production systems, such as production and inventory data, they can  manipulate the market and  weaken the company's negotiating positions.

In manufacturing,  IP theft is considered the #1 cyber threat many companies face  as well as being the top data protection concern . The 2017 Data Breach Investigations Report by Verizon revealed that over 90% of data breaches in the manufacturing industry involved IP,  which makes the focus on securing IP justified. Another study carried out by Deloitte in 2016 showed that  over a 12 month period, 39% of manufacturing organisations experienced a breach with 38% of organisations affected incurring losses of more than $1 million and 35% of executives stating that they believe IP theft was the primary motive for the cyber attacks experienced by their company.

It can often be very difficult to prove allegations of IP theft without cast iron evidence, so in the event that a company’s security systems are penetrated and such secret information is lifted, there is generally little that can be done to remedy it. The only solution to this problem is to be proactive with information security efforts.

For manufacturing companies to protect themselves from this risk, an ideal cyber-security strategy for 2019 should include elements for segregated storage of data by value and priority, creation of exclusively trust-based access to certain data, regular audits and threat-detection hacks, creation of a comprehensive policy to guide employees’ data access and usage and integration with vendors and other links in the supply chain to make sure that the company’s entire data ecosystem is watertight.

 

Changing Regulatory Frameworks

The worrying increases in cyber-attacks across industries, have led Government administrations in many parts of the world to enact legislation that are intended to make companies more proactive in safeguarding their systems and computer networks from the risk of being breached. It is also intended to instil a sense of urgency in most organisation on the need for a heightened level of cyber-security awareness across the entire organisation.

The EU's General Data Protection Regulation (GDPR) enforced more than a year ago prescribes a set of stringent standards for all kinds of user data storage and use. This has global implications, because many companies – even those based outside of Europe – have important markets within the EU, necessitating them to demonstrate requisite compliance with GDPR and other security standards before being allowed to do business within the region.

As new digital threats emerge, governments around the world are increasingly enacting legislation that force businesses to re-examine their data security strategies in order to be compliant. For manufacturers, this means getting an understanding of the data they process, crafting a robust strategy on how to keep data secure and taking  the necessary precautions to strengthen their cyber-security protocols and information processes, in other to avoid costly penalties.

 

Leveraging digital technology and processes has many benefits for manufacturing companies including improved cost competitiveness, enhanced processes and staff skills, and the ability to maintain connectivity with supplier ecosystems. Today a lot of companies are dependent on digital and this dependency would only increase as the years go.  However to  effectively ride the waves of change and avoid falling victim to damaging breaches, companies need to ensure they are paying attention to the security risks that are inherent in the digital landscape and that cyber-security is top-of-mind across the organisation.

Topics: GDPR, phishing email, Cyber Risk as a Human Risk, manufacturing

Cyber Risk Aware

Written by Cyber Risk Aware