Why manufacturing supply chains are at risk of cyberattacks

Rick Jones, CEO of DigitalXRAID, explains why manufacturing supply chains are vulnerable to cyberattacks - and what the industry can do to protect itself

The ransomware attack earlier this year on a key Toyota supplier is the latest in a string of high-profile supply chain breaches, including SPAR and SolarWinds. Hitting Kojima Industries and forcing Toyota to suspend 28 production lines at 14 factories, the attack also threatened to extend into the Japanese carmaker’s IT systems, highlighting the key vulnerability of supply chains as cybercriminals look to leverage them to access the wider network.

With IBM reporting that the UK manufacturing sector experienced 19% of all UK cyberattacks in 2021, and manufacturing being the most targeted industry sector in the US (23% of attacks nationally), the question remains: Why are manufacturing supply chains so vulnerable to cyberattacks?

The risk of cyber attacks and political instability

The current cyber and political climates are exacerbating the threats posed to the manufacturing sector and their supply chains. Ransomware is now a business-critical issue, having fast become a question of “when” not “if”. The threat this malware poses to the manufacturing industry is undeniable considering reports show that global supply chains are bearing the brunt of ransomware attacks. Further compounding the issue is the fact that some organisations are still paying out to ransomware gangs, going against official guidance from the National Cyber Security Centre (NCSC). 

Ransomware has also become a greater threat following Russia’s invasion of Ukraine earlier this year. The conflict has increased the cyber risk to key national infrastructure, with utilities and the public sector having particularly large targets placed on their backs. Although companies may dismiss the threat of cyberwar as not applicable to them, any small business part of the supply chains is a potential target and victim. Cybercriminals are becoming more organised and targeted in who they launch attacks against, seeing “success” in attacking smaller organisations with weaker cybersecurity protection, and exploiting them as a back-door entrance to the wider supplier network. 

How the manufacturing industry can proactively defend its cybersecurity

Manufacturing businesses and supply chains should be looking to proactively adopt cybersecurity measures. First, they must recognise the importance of a strong cybersecurity posture and understand the risks of being part of a supply chain. For any organisations working together, it is integral that liability around cyber breaches is contractually agreed and all partners can provide evidence of the cybersecurity procedures they have in place. Implementing regular penetration testing, for example, can help identify key areas of vulnerability and outline how to bolster them – a critical step when considering IBM found that 47% of cyberattacks on US manufacturing organisations were caused due to vulnerabilities that had not yet or could not be patched. 

Concurrently, cybersecurity training for employees conducted regularly can significantly reduce the likelihood of accidental insider threat, while adopting a Zero Trust architecture represents a greater cultural shift. By believing that every asset, device and user is a potential threat, Zero Trust removes implicit trust to ensure that malicious actors cannot access a network by hacking a privileged user’s account. Adopting a security-first mindset across all levels of the supply chain can aid the implementation of a Zero Trust architecture and culture, and help manufacturing organisations better protect themselves against cyberattacks.

Although these measures are all vital to improving the manufacturing sector’s cybersecurity posture, ultimately working with a trusted security partner is one of the best ways organisations can protect themselves. Outsourced Security Operations Centres (SOCs) provide 24/7/365 threat monitoring to businesses, allowing them to benefit from the aggregate value and industry-wide knowledge of the threatscape cybersecurity professionals have acquired. 

Supply chains will continue to be a huge target for hackers, and the levels of cybercrime in the UK show no sign of abating. Manufacturing organisations and those they work with must be hyper-aware of the risks that ransomware poses to their business. Yet it is not all doom and gloom. These risks can be mitigated, but this must be done proactively and holistically to always stay one step ahead of bad actors. 


Featured Articles

Top 10: Manufacturing Companies in MEA

Manufacturing Digital takes a look at the top 10 largest manufacturers in MEA, including Sharp, Genetco and Julphar

Manufacturing & Mobility LIVE heads to Chicago in 2025

Manufacturing & Mobility LIVE expands into in-person events, heading to the US with its sister events P&SC LIVE and Sustainability LIVE

What to see and do at GSMA MWC Shanghai 2024

At the 2024 GSMA MWC in Shanghai, guests will learn more about the future of 5G and IoT, as well as the role of mobile connectivity in manufacturing

EV Recycling Driven By Tata Steel, Nucor and Dowa Holdings

Sustainability & ESG

Brooke Weddle: Manufacturing Needs A Rebrand

Production & Operations

Immensa and Intaj Suhar partner to boost Omani manufacturing

Procurement & Supply Chain