In June of last year, global meat-processing giant JBS fell victim to a ransomware attack which resulted in its entire US network halting operations for four days. The shutdown led to severe meat distribution disruptions across America, as well as costing JBS millions of dollars to regain control of its systems.

Unfortunately, this attack isn’t an isolated incident in the manufacturing industry. Far from it. According to IBM Security’s 2022 X-Force Threat Intelligence Index, manufacturing is now the world’s most attacked industry – outpacing finance and insurance for the first time in five years.

Attackers recognise the critical role manufacturers play in global supply chains, so are taking the opportunity to disrupt their operations and capitalise on their low tolerance for downtime. Worryingly, nearly half (47%) of attacks exploited existing vulnerabilities – highlighting the need for more effective vulnerability management – with a further 40% coming via phishing methods.

The main issue for manufacturers is that they are facing an extremely complex security environment. Over the last few years, several factors have converged to make manufacturing security a greater challenge than ever before.

"Ultimately, manufacturers have to assume that they’ll be breached at some point. That’s inevitable in today’s threat landscape," Ilan Barda, CEO of OT security firm Radiflow

Security headaches for manufacturing business leaders

It’s no secret that modern manufacturing has become increasingly reliant on automation and digitisation. This has accelerated with the advent of Industry 4.0 – resulting in more digital assets from multiple vendors, more connected systems and networks, and more IP-based web traffic.

Facilities must be able to communicate and share data with each other, along with third-party vendors or partners that typically need remote access to key systems – an issue that has been particularly exacerbated by the Covid-19 pandemic. Indeed, third-party attacks through a vulnerable partner or facility is one of the easiest ways into a manufacturers’ infrastructure.

On the one hand, this digital transformation has helped to drive down costs and speed up production. On the other hand, it has also greatly increased manufacturers’ exposure to cyber-threats. There are now so many more potential avenues and backdoors for hackers to exploit, which is why attacks have become so commonplace.

Add in the fact that regular security updates are often overlooked due to the financial impact of downtime – along with the increasing level of sophistication and automation employed by threat actors – and the scale of the challenge becomes clear.

So, how can manufacturing companies elevate their cyber security posture? What practical steps can they take to protect against both attacks and human error that could lead to downtime, lost business, or reputational damage?

Manufacturers must establish visibility

The first step for any manufacturer should be to map their entire network and generate a visual model of all assets, devices, connections, and protocols. With the complexity of modern manufacturing systems, gaining a clear picture of the infrastructure’s components and topology is critical to ensuring future security.

This can also provide insights into any weak spots or hidden entry points. Passive network modelling can be used to ensure that critical operations aren’t impacted, while establishing an activity baseline for detecting anomalous or suspicious behaviours.

Assess the risk level

Next, carry out a risk assessment to understand security posture, identify any critical gaps, and evaluate the potential business impact of an attack. Start by identifying what and who is threatening your network. Then, learn where your network stands in terms of risk exposure based on its unique characteristics.

This is an important step. Not only can it help manufacturers understand the effectiveness of corresponding mitigation measures, but it can also guide supporting decision-making around budgeting and risk reduction planning. A thorough assessment will highlight the areas most in need of security investment.

Take action

Once the assessment is complete, manufacturers will be in a position to prepare and implement an actionable security plan – this plan would be a combination of security controls that will be implemented to reduce the likelihood of a successful attack combined with a series of playbooks to guide attack responses. This could include restricting remote access to certain systems or updating security controls for legacy equipment.

These plans should be based on several factors including budgetary constraints, threat and control levels, and the organisation’s security preferences. For example, strengthening a specific business unit might be a priority in the short-term, while reducing overall business risk is more likely to be a long-term focus.

Keep watch over your manufacturing network

The final step should consist of ongoing and continuous network monitoring in real time. The threat landscape is constantly shifting, so constantly monitoring network activity is the only way to keep pace with attackers. This will enable manufacturers to manage security long-term by detecting abnormal behaviour that could signal a breach attempt.

Although it’s virtually impossible to prevent all breaches, continuous monitoring will empower security teams to discover attackers much earlier and therefore mitigate any potential business impact such as downtime.

Ultimately, manufacturers have to assume that they’ll be breached at some point. That’s inevitable in today’s threat landscape. But, by following these steps and implementing the right security framework, they’ll put themselves in the best position to maintain their operations and avoid costly downtime – even in the event of an attack.