While all organizations are potential targets of cyberattacks, the manufacturing industry is one of the five industries that are the biggest targets. In fact, according to the 2019 Manufacturing and Distribution Report, half of manufacturers surveyed have fallen victim to at least one data breach during the past 12 months.
With the current pace of digital transformation that’s rewriting the rules of competition for industrial companies, coupled with increasing digital interconnections around the globe, the scale and variety of cyberattacks against manufacturing organizations have been escalating. These attacks will likely also grow in complexity as hackers become more knowledgeable in exploiting the vulnerabilities of manufacturers’ IT systems.
Why target manufacturers?
There are numerous reasons why manufacturing organizations are attractive prospects for data breaches and cyberattacks:
#1. They hold a lot of confidential information
The Thomas 2018 report showed that cybercrimes against manufacturing companies are generally designed to steal intellectual property. These can be anything from patents, trade secrets, blueprints, confidential designs, secret formulas, proprietary manufacturing processes, and product proposals.
In fact, the US National Center for Manufacturing Sciences report showed that 90% of data stolen by cyberspies have been classified as “secret” or “proprietary.” The stolen information can then be used by adversaries to sell products at a lower price and cut both competitive advantages and margins.
This is especially worrisome for defense manufacturers that have access to sensitive government documents. Bronze Union, a threat group suspected of operating for the Chinese government, has successfully pulled high-value defense, security, and political intelligence from multiple US-based defense manufacturer networks. Mike McGrath, consultant for McGrath Analytics LLC, even warned that many adversary nation states could be sophisticated enough to introduce malicious defects in US military equipment.
#2. They have a lot of vulnerabilities in their IT systems
Many existing manufacturing systems were developed at a time when security was much less of an issue. Manufacturing processes are typically operated by industrial control systems which use open platforms and common operating systems, as opposed to insular proprietary control systems.
The rift between legacy equipment and modern technology has also created a security gap in many manufacturing facilities, exposing a wide-range of equipment that all require different protective measures. For example, robotic arms aren’t compatible with firewalls, so cyberattacks have evolved to target these weaknesses.
And with the increased connectivity through the use of Internet of Things devices, robotics, and human-machine interfaces, there are now a lot of entry points that cybercriminals can exploit.
Worse, the growing complexity of these systems has resulted in large and elaborate network infrastructures that are extremely specialized. In many cases, these systems are operated and managed by manufacturing specialists rather than IT staff.
Lastly, the focus of manufacturing technology has traditionally been on performance and safety, not security. Simply put, most manufacturers are relying on technology built without today’s cyberthreats in mind, and the rapidly changing security landscape has left many at risk.
#3. They do not think they are targets
Unfortunately, many manufacturers do not see themselves to be at risk. This lack of recognition of the threat may be the greatest risk of cybersecurity failure for manufacturers.
Since other primary targets (e.g. banks and healthcare companies) have already beefed up security, manufacturing companies are the new low-hanging fruit. To further compound the issue, unlike the healthcare industry, manufacturing organizations don’t have cybersecurity compliance requirements. This “no consequence” environment then allows manufacturers to continue to operate with little to no IT security practices.
Consequences of having no or weak cybersecurity
Factories and warehouses operate on strict production and delivery schedules. Hence, an hour of downtime can lead to missed shipments, lost man hours, and lost revenue in tens or even hundreds of thousands of dollars.
For example, in 2017, an auto parts plant in North Carolina lost $270,000 an hour due to downtime caused by ransomware that entered its IT systems. In the same year, a large number of manufacturing plants fell victim to the WannaCry ransomware virus, even forcing a Honda plant in Japan to halt production.
Not only that, but a single data breach can also cost a manufacturer a few years’ worth of proprietary information and lead to a permanent loss of customer trust. In fact, the US National Center for Manufacturing Sciences estimated that breaches cost manufacturing companies between $1 million and $10 million each.
A multilayered IT security strategy is the way to go
A single solution like an antivirus program is not enough. Only a multilayered defense approach can provide the protection manufacturing companies need against increasingly sophisticated cyberthreats. This means companies must combine security tools (e.g., firewalls, malware scanners, email spam protection), people (e.g., cybersecurity employee training), and processes (e.g., data backup and disaster recovery procedures) to yield the most effective defenses.
For many manufacturers, the best way to achieve a multilayered cybersecurity strategy is to turn to managed IT service providers like Leverage IT. By partnering with us, you’ll leverage over 15 years of experience that’s especially dedicated to supporting small- and medium-sized businesses. Fortify your defenses against cyberthreats now!