What are the most common cyber threats facing the manufacturing industry?
Cyberattacks are on the rise every year and continue to make headlines. Over the past two decades, many manufacturing companies tended to believe that they were protected from cyber threats due to their insularity and lack of computerized connectivity with the outside world. However, with the rise of Industry 4.0 and the introduction of systems that use networked devices, what was once siloed is now open and vulnerable to the same types of security threats that typically affect companies with more classical IT systems.
According to the Global Threat Intelligence Report (GTIR) for 2021, the manufacturing sector has gone from being the eighth most targeted by cyber attackers to the second most targeted, behind the financial and insurance sectors. So what are the most common cyber threats in the manufacturing industry? This article introduces the top 5.
Ransomware is the most common cyber threat for manufacturing companies. It is a type of malware that accesses a system and encrypts data to make it inaccessible to the victim. In the case of manufacturing companies, attackers often choose to encrypt mission-critical data in order to affect direct or indirect production processes, which are the main value-add in these companies.
In exchange for the decryption key, the attackers demand ransom payments in cryptocurrencies, which makes it extremely difficult to trace and track them.
Ransomware is a very lucrative method for attacking manufacturing companies, as it can cause business interruptions with long downtimes in systems whose availability is critical and whose outages are costly. Companies often opt to pay the ransom because recovery can be very time-consuming and resource-intensive, so payment is often the most economical option. According to the Sophos State of Ransomware Report, in 2021, 32% of attacked organizations chose to pay the ransom, although only 8% of them successfully got their data back after payment.
Insider Threats / Internal Breaches
Current employees, former employees, contractors, business partners or business associates are all insiders and already have a certain level of access to a company's computer systems and data. For an attack, already having a foothold in a company's network is a huge advantage over someone coming from outside. Gartner Research & Advisory groups insider threats into the following categories:
- The Pawn is an unsuspecting employee who is manipulated to perform malicious activities, such as downloading malware and exposing credentials through spear phishing or social engineering. Outside attackers very often need to use insider pawns to gain a foothold in an organization's network.
- The Goof is an employee who, rather than acting with malicious intent, actively attempts to bypass security controls out of convenience or incompetence, unintentionally leaving vulnerable data and resources unsecured, allowing attackers easy access to the corporate network or even direct access to data.
- The Collaborator is an employee who intentionally harms the organization by using his/her access to the organization's network while collaborating with outside attackers. Their goals include industrial espionage, theft of intellectual property, or disruption of business operations.
- The Lone Wolf is also an employee who intentionally harms the organization but acts alone and is motivated mostly by financial gain, selling sensitive data or access to buyers such as competitors or hackers. A Lone Wolf can also act out of revenge for a grudge or complaint.
Sabotage / Unauthorized Access to Operational Technology
OT devices have been around in manufacturing companies for decades, but most of the time they have been deployed in air-gapped networks within the manufacturing environment. Considering their insularity, they were never designed with security in mind, or at least not with security as a high priority. Availability and safety have always been top priorities, as production lines represent the greatest added value in manufacturing companies.
In recent years, there have been significant improvements in OT equipment in terms of security, but replacing the old equipment with modern, secure equipment, or even updating it with more secure software and protocols, means high investment costs, long production line downtimes, and the risk of incompatibilities with other equipment in the surrounding environment. As a result, in the majority of manufacturing companies a significant percentage of equipment still has poor or no security implemented.
At the same time, OT environments are becoming increasingly connected to the outside world, which opens up great opportunities for attackers to gain unauthorized access to the OT environment and perform sabotaging activities using poorly secured OT devices.
Depending on the scale of the sabotage and on the manufacturing product and process, the consequences of sabotage can range from a simple disruption of a production line to injuries or even loss of life of employees.
Theft of Intellectual Property
Intellectual property theft can, in some cases, be one of the costliest threats to a manufacturing company. Companies invest significant amounts of money in research to develop and produce innovative products that can give them a competitive advantage and increase their sales. This is the case in many sectors, such as the pharmaceutical, automotive and chemical industries. Losing this property means losing their hard-earned advantage, because one or more competitors would now be able to exploit it. Intellectual property is the most common target of industrial espionage.
For the attacker, the focus of these attacks is, after an important phase of reconnaissance, to secure and sustain the connection to the target environment, so as to be able to pivot and maximize the extraction of all targeted information.
Supply Chain Attacks
Due to globalization, most manufacturing companies have a variety of suppliers for their products and components around the world. Even though some of these companies have a high level of maturity in terms of security, they are still heavily dependent on their suppliers. When attackers want to sabotage a company, they often choose to attack business-critical suppliers and thereby achieve the same goal: interrupting business processes.
An example is the Colonial Pipeline ransomware attack in May 2021, which crippled nearly half of the fuel supply chain in the eastern United States. It is a very good example of how the impact on one link in the supply chain can cause a ripple effect across many other organizations that are part of the process.
The rise of Industry 4.0 and digitalization of operational technologies have opened a huge door to new opportunities in terms of production efficiency, monitoring, flexibility and agility, but they have also created a vast landscape of cybersecurity threats. So the question is not if a threat will occur, but when. And in this case, unprepared organizations become the first targets that threat actors can exploit.
At BxC, we develop cybersecurity strategies specifically for manufacturing companies and OT environments, tailored to the clients' environment and needs, to provide the best possible preparation against growing cybersecurity threats.