The manufacturing industry overall has historically lagged behind in cybersecurity. While those that have pursued cyber liability have been asked to conduct some level of cyber-hygiene scrutiny, when compared to other industries, the manufacturing industry has generally not had to maintain cybersecurity compliance requirements.

As the typical manufacturer couldn’t justify the return on investment of implementing precautionary measures, the industry became a prime target for cybersecurity attacks due to their reliance on information systems and advanced technology to generate revenue. Manufacturers who rely on automation, robotics and connected networks are especially vulnerable to cyber attacks.

Know your risks of cyber attacks

With hacking being a “business” venture to generate revenue for cybercriminals, the manufacturing industry became a key market segment for their success. Hackers could use malware that can be purchased on the black market to engage in spear phishing. This is a type of email phishing campaign that targets multiple people at an organization using inside information that makes the hacker’s inquiry look legitimate.

Owners and managers fear data breaches — and hackers often use that fear to cripple organizations through ransomware. This is a type of malware that’s installed on a computer or network without the user’s consent that relinquishes control back to management only if they agree to pay ransom to the malware operators. Once the money is paid, the hackers promise to remove the restrictions.

Cyber attacks can harm a manufacturer or distributor by causing safety issues, negative publicity, lost productivity, and compromised personal and corporate data. While there are a myriad of types of cyber attacks, the manufacturing industry seems to suffer the most from two distinct attacks: ransomware and the business email compromise (account takeover).

Ransomware

For almost a decade, few threats are as widespread and damaging as ransomware. Ransomware situations involve attacker groups encrypting systems and data to hold for a ransom payment that ranges from $250,000 to $10 million to unlock the data. If the victim chooses not to pay the ransom, the attackers then threaten to disclose their sensitive information publicly (double extortion). Research shows that most organizations (71%) were hit by ransomware in 2021, and most of those (63%) opted for paying the requested ransom, according to the 2022 Cyberthreat Defense Report (CDR) by the CyberEdge Group. Further research has determined that 21% of ransomware attacks targeted the manufacturing industry in 2021, and 60% state that they struggle to defend against ransomware attacks due to their growing sophistication with IoT dependencies. Attackers find the manufacturing sector to be a “key market demographic” due to a higher probability of being paid, high-value data, and the potential to extort third parties (upstream supply chain disruption).

For those wondering what they can do to insulate their organizations against attack, download below the ransomware checklist that LBMC has developed that includes a series of steps to help protect organizations against ransomware attacks such as these.

Business Email Compromise

The Business Email Compromise (BEC), also known as “account takeover” attack, can also be devastating to manufacturers. The attacks are generally conducted by compromising the credentials of applicable employees to access their email, then interject fraudulent payment directions into an email active thread with suppliers or customers. The secondary approach is to impersonate (spoof) the manufacturer to conduct a business transaction. While the attacks are not as technically complex as ransomware, the impact to the bottom line can be just as severe. The FBI released the following statistics involving known monetary losses for BEC attacks.

June 2016 and December 2021:

Domestic and international incidents:241,206
Domestic and international exposed dollar loss:$43,312,749,946
The following BEC/EAC statistics were reported in victim complaints to the Internet Crime Center (IC3) between October 2013 and December 2021:
Total U.S. victims:116,401
Total U.S. exposed dollar loss:$14,762,978,290
Total non-U.S. victims:5,260
Total non-U.S. exposed dollar loss:$1,277,131,099

As the dollar amounts involved in ransomware and BEC attacks demonstrate, “hacking” is geared primarily toward generating revenue illegally. The days of hobbyist hackers are long gone and have been replaced with true cybercriminal gangs that are focused on their bottom line at the expense of yours. To compound the challenges, the attacks are occurring from all over the world and the criminals are seldom identified and almost never apprehended. Fortunately, today’s cybersecurity professionals are often as skilled and talented as the adversary and can effectively identify and demonstrate your risks before the cybercriminals do.

Manufacturers Protect Against Cyber Attacks

An important component of any continuity program is cyber security. While organizations have a responsibility to make sure they have all the necessary resources in place to protect against external cyber threats, it is important to remember that cyber security is not just the responsibility of the IT department within an organization. Everyone in the company can (and should) play a part in protecting against threats and helping to avoid malware infections and cyber breaches. It is prudent to regularly remind your end users of their responsibility to protect sensitive data and systems.

How Manufacturing Companies Can Improve their Cybersecurity

In a time of economic recovery efforts, cybercriminals are working to thwart the bottom lines of manufacturers. As cybersecurity has always been a concern, manufacturers are now needing to make the needed investments to protect their environments, even if there is not a compliance driver. The top ways manufacturers can improve cybersecurity are:

1. Implement Multi-Factor Authentication (MFA) on all external portals (email, order entry, payroll, etc.)

Multi-factor authentication has evolved as the single most effective control to insulate an organization against remote attacks and when implemented correctly, can prevent most threat actors from easily gaining an initial foothold into your organization, even if credentials become compromised.

2. Conduct security awareness training

Providing effective security awareness training for employees is vital. Employees are a manufacturer’s first line of defense against hackers, but they can also be a liability if they’re not vigilant and knowledgeable about cyber threats. It’s critical to provide effective security awareness training about the latest scams and encourage employees to report suspicious emails immediately to the information technology department.

Many hackers look for easy targets — like thieves target houses with unlocked doors and windows to break into — so even the simplest security measure will deter some cyber breaches. For example, you can use inexpensive, over-the-counter encryption software and phishing filters to make it harder for hackers to get inside your network.

3. Conduct risk assessments

Running a secure network means making good business decisions. To make the best decisions in a world of constantly emerging and changing threats, you must conduct regular cybersecurity risk assessments.

4. Perform penetration tests

Sometimes the best defense is a good offense. By engaging in a penetration test, you’ll identify the holes in your defenses before cyber-attackers do. It’s better for your penetration testers to find a weakness than your adversaries.

5. Invest in incident response tabletop exercises

The most crucial step in developing an incident response plan is to stress test the plan before a real incident occurs. Instead of making assumptions and simply placing your incident response documentation on a shelf and hoping it is accurate, it’s better to test it with tabletop exercises designed to build continuous improvement into your incident response program before your next incident occurs.

6. Reduce business losses with cybersecurity insurance

To minimize losses if a breach occurs, consider purchasing cybersecurity insurance for your business to cover direct losses from breaches and the costs of responding to them. Your traditional business liability policy probably doesn’t include such coverage.

Content provided by LBMC Information Security professional, Bill Dean.

LBMC Information Security can help protect your manufacturing company against escalating cybercrime threats. Contact us to learn more and get started on a consultation!