Manufacturing and cybersecurity: the evolving threat landsca

The implosion of technology, automation, and innovative developments in industries are increasing exposure to cybersecurity risks. Manufacturers have become an increasingly appealing target as smart factories are becoming more accessible. While these factories offer more automation, lower manufacturing costs, and higher productivity, the cloud migration trend has created a wider attack surface for malicious actors.

Which sectors of manufacturing are most at risk?

A recent study by Moody’s Investor Services discovered that in manufacturing, critical manufacturing sectors, which produce products essential to the country’s infrastructure, are at great risk for attacks. Gas, electric, water utilities, telecommunication, chemical, and energy manufacturers were listed among those with the highest risk of being targeted for an attack.

Even industrial control system attacks have been growing over the past few years with no signs of slowing down. Manufacturers are especially targeted by bad actors due to their high likelihood of paying a ransom, due to these manufacturers frequently having subpar and inadequate security measures in place. The manufacturing sector is now one of the most targeted sectors, and it’s time for the tech leaders in this industry to step up and reassess their current defences.

What is driving the rising threat for manufacturers?

Manufacturing plants can have up to hundreds of different devices on their network, forcing tech leaders to neglect many of these devices and lag in adopting security measures simply due to a lack of resources, money, and time. Cybercriminals are aware of this and are operating on the assumption that these manufacturers can’t monitor and manage every endpoint on their infrastructure. Larger manufacturers can go days or even weeks without noticing an attack, due to the sheer number of devices on their network.

By taking control of several devices, cyber attackers create a botnet, or a network of computers remotely forced to run malicious code. Botnets are commonly deployed in Distributed Denial-of-Service (DDoS) attacks and phishing attacks. 

Where is manufacturing most vulnerable? 

Historically, the greatest source of vulnerability has been people, especially employees who may open suspicious emails and expose private corporate information. 

Here are a few notable examples of such case:

In 2017, retailer Target was the victim of an attack when bad-faith actors were able to gain access to the customer database via a phishing email sent to a third-party HCAV vendor, granting them remote access to important billing and contract fulfilment data. The criminals managed to steal employee credentials, allowing malware to be installed on several computers, with over 40 million credit and debit cards and 70 million customer records stolen within days. In total, this breach cost Target over $18.5 million.

One of the most common methods of obtaining confidential information and data is through the use of social engineering. With social engineering, which targets humans instead of technology, attackers can manipulate people into giving up otherwise private information, such as passwords or personal details. Typically, cyber attackers will pose as trustworthy figures such as C-suite team members or representatives of legitimate organisations to manipulate valuable information out of unsuspecting employees. The advent of technology such as artificial intelligence is making this even harder to circumvent, with generative AI able to create convincing voice clips that sound identical to the person being impersonated.

Ransomware still remains one of the biggest threats facing manufacturers, especially medium and large corporations. Wide-scale attacks can even directly impact and threaten the economy, a recent example being an attack on Colonial Pipeline which siphoned $4.4 million in ransom from the company. Colonial is the largest fuel conduit system in the United States, and this particular attack prevent millions of barrels of gasoline, diesel, and jet fuel from being utilised. A spokesperson for the company later stated that the economic fallout from an extended shutdown would be far worse than just paying the ransom.

DDoS attacks are becoming more common as well, with these large-scale attacks capable of shutting down machines and even networks, rendering them inaccessible to the owner. This is achieved by the DDoS flooding the network with traffic requests, denying genuine traffic from accessing the service or website. Last year, Google claimed that it stopped the largest DDoS attack ever, with 46 million requests per second (RPS) halted from flooding the servers. As these attacks are increasingly growing in complexity and frequency, business leaders must get ahead of attackers and take the precautions necessary to prevent such attacks.

Is more action called for to navigate the rising threats?

Luckily, all is not lost when it comes to preventing the preceding attacks, and even if these attacks manage to penetrate business infrastructure, with the right precautions in place, damage can be minimal. There are a few steps suggested tech leaders can take to put such measures in place, mostly involving employee awareness training. These include red team exercises, attack simulators, and constantly testing the backup and security systems in place. Penetration testers can also be hired to expose any potential vulnerabilities in a business’s infrastructure as well.

A Canalys study found that outsourcing, consulting, and managed services will continue to grow, eventually accounting for almost 65% of the worldwide cybersecurity market in 2023. MSPs can help businesses by filling in security gaps, providing customised services and implementation, and even offering long-term support. With the support of MSPs and taking the steps recommended by cyberattack experts, manufacturers have the power to severely mitigate any potential damage caused by bad-faith actors and even stop them in their tracks.