wave-pattern

Manufacturing Cybersecurity

Why Cybercriminals Target Manufacturing Companies

It used to be that manufacturers were considered to have about the same level of cyber risk as any other type of business. But that is no longer the case. To stay globally competitive, manufacturing companies are shifting toward more digitized and integrated Internet of Things (IoT) processes both within the factory walls and out into their supply chains. Because autonomous machinery can be hacked in ways a human laborer cannot, productivity gained through technology is often accompanied by new opportunities for cybercriminals to steal, destroy, and otherwise cause mayhem within the network.

Accordingly, this growing interconnection in production and distribution of goods has brought an increase in the number of cyber attacks targeted at the manufacturing industry – from ransomware to business email compromise and more – and thus a growing need for manufacturers to bolster their cyber defenses. 

The consequences of not doing so can be serious, ranging from corruption of in-house IT systems that keep machines humming to the pilfering of critical intellectual property as competitors look for ways to steal trade and production secrets. In the case of precision components, even the slightest chance that a hacker can slip into a firm’s automated production line can cause major issues with regard to safety, quality, and performance. 

A study by manufacturing association, Make UK, found that concerns about cybersecurity are too often inhibiting manufacturers from adopting technologies that will keep them competitive.1 Clearly, for factories to be productive and competitive in a continually globalizing world, manufacturers need to do all they can to secure their high-tech equipment, networks, and processes, as well as their digital connections with other members of their supply chains.

Manufacturing Sector by the Numbers

  • Looking at more than 1,000 of Crypsis’s recent client engagements, manufacturing was the third most targeted sector – after healthcare and financial services – accounting for 11% of security incidents and cyber crimes we responded to in 2019.
  • Crypsis recently observed a 73% increase year-over-year in ransomware attacks on manufacturing operations. Manufacturing is now the second most targeted sector in our client base when it comes to ransomware attacks.
  • Our manufacturing clients also receive a high number of business email compromise (BEC) attacks, with one in 10 of our BEC cases coming from this sector.
  • The Make UK study found that more than one-third (35%) of manufacturers said that concerns about cyber vulnerability are preventing them from investing in productivity-enhancing digital technologies.

Learn more now about cybersecurity attacks on manufacturing companies.

The Challenges Facing Manufacturing Companies

Ransomware is constantly on the rise and manufacturing is not spared.

Ransomware attacks in a factory setting can cripple a business’s ability to produce product, leading to days if not weeks of downtime and resulting in financial loss. Manufacturing companies account for 13% of Crypsis client engagements. Recently, more than half of the ransomware attacks we responded to at manufacturing companies involved the Ryuk variant, which uses well-researched phishing attacks and thereby has a higher success rate than most.

Being a smart factory can open doors to cybercrime.

IoT is revolutionizing manufacturing, as companies move toward more automation to create efficiency, raise quality, and decrease their supply-chain risks. It is estimated that three-quarters of large manufacturers have incorporated IoT solutions into their production lines.2 The problem is that every connected IoT device – and some factories have lots of them – can be an entry point for a cybercriminal to infiltrate the company’s networks. And because the human element has been moved farther away from many of these processes, the potential vulnerabilities sometimes get less attention than they should.

A broadening attack surface for industrial spies.

As manufacturing companies move their production facilities into the realm of smart factories, some of their global competitors will be looking for shortcuts to keep up – and intellectual property theft is sometimes the method of choice. The new, interconnected factory equipment and increasing interconnectivity with supply chain partners raise the risk of exposing a treasure trove of data to hackers, some of which could strengthen competitors if it falls into their hands. Manufacturers that build national security-related products face additional types of cyber threat actors and thereby additional urgency to protect their sensitive data.

Potential weaknesses in digital connections with supply chain partners and vendors.

Throughout the manufacturing sector, enterprises are improving their operations by increasing the number of digital touchpoints they have with supply chain partners and third-party vendors. Many of the biggest cybersecurity incidents of the past few years, such as the data breach at Target stores, have been caused by supply chain attacks, where a hacker gains access through a partner or provider. As these relationships expand and become more sophisticated, manufacturing firms need to be aware of which outside entities have access to their data and whether essential cybersecurity measures are in place.

Interested in learning more? Read our recent blog: Data Security Supply Chains in Manufacturing: 4 Insights to Keep Your Business Online

Crypsis Cybersecurity Solutions for Manufacturing Concerns

Conduct in-depth cyber risk assessments tailored to manufacturing-specific threats.

Crypsis performs targeted assessments and technical cybersecurity services to test and evaluate an organization’s cybersecurity posture and overall cyber resilience, and to verify that security controls are performing optimally and efficiently. These include penetration testing – where we simulate a real-world attack to assess the strength of your countermeasures and identify hidden vulnerabilities – web and mobile application testing, targeted security assessments of your current configurations, phishing exercises, and tabletop exercises that include customized scenarios based on threats that are specific to your production facilities.

Review outsourcing dependencies and digital relationships with supply chain partners.

Crypsis experts will review your firm’s security posture relative to supply chain partners and third-party vendors and make recommendations on how to plug cybersecurity gaps. Our assessment will target cyber risks specific to your manufacturing processes such as IP protection, industrial control systems, connected products, and implications throughout the firm’s relationships. This begins with a comprehensive audit of third-party IT dependencies across the business and your company’s data flows to understand where your data may traverse networks and be handled, stored, or processed outside of your perimeter.

Create an updated cyber incident response plan.

Following an in-depth review of the manufacturer’s IT environment, security tools, processes, procedures, and documentation – and after identifying security gaps and any deficiencies in an existing incident response plan – Crypsis experts will create a tailored IR plan to bolster the company’s security defenses. We will also work with your company to test the plan through a series of simulation exercises to better familiarize internal teams with the new workstreams and validate that the plan works.

Respond to cybersecurity incidents if and when they occur.

The Crypsis Group’s data breach and response teams are ready at a moment’s notice to help manufacturers investigate, eradicate, and recover from ransomware attacks, as well as from business email compromise, inadvertent disclosures of data, and any other type of incident. Our mission is to immediately stop the attack, expel the intruder, restore systems, and get operations back online as quickly as possible, minimizing downtime and getting production lines back at full speed.

Create a more security-conscious culture.

Crypsis can help reconfigure work processes and security procedures to narrow the opportunities for cyber threat actors to deceive and exploit your company’s employees, partners, vendors, and customers. Our experts can also create and implement staff training programs to make sure employees are aware of their cybersecurity responsibilities and able to help mitigate risks related to phishing scams and protecting IP and other sensitive data. We can also establish and implement processes for employees to identify and report unusual activity or other anomalies.

Get Crypsis on call 24/7.

Staying ahead of cybercriminals is a matter of constant vigilance. Crypsis provides retainer agreements to provide your organization with our experts’ services whenever you need them. We will also work with your internal teams on a regular basis, ensuring that they are using the latest cybersecurity methods and technologies. We will help them maintain a state of readiness to respond to and expel any cybercriminals or other threat actors who somehow manage to get through – as well as to quickly stop the damage, recover what has been lost, shore up network security going forward, and limit disruption to factory operations.

Are you prepared to manage a cyber attack? Learn more about how Crypsis can help you.

Why Crypsis?

Our cybersecurity experts have deep experience protecting our nation and our businesses from ever-evolving and intensifying cyber threats. Since we were founded in 2015, we have partnered with scores of manufacturing firms to help them respond to and recover from cyberattacks, manage their risks, and harden their defenses.

We fight cybercrime. With many of us having served in law enforcement, the intelligence community, and in the IT security departments of leading corporations and government agencies, we know how cyber criminals operate, we know the tactics they use, and we know where to look for them and how to find them. With access to the latest technologies and techniques for fighting cybercriminals, we dedicate our careers to staying well ahead of them and keeping them at bay on behalf of our clients.

 

https://www.makeuk.org/-/media/eef/files/reports/industry-reports/cyber-report-2018.pdf 

https://swivelsecure.com/solutions/manufacturing/manufacturing-is-at-risk-from-cybercrime/  

Crypsis team of experts keep your manufacturing operations safe

Learn More About Crypsis

Learn more about what the Crypsis team of experts can do to keep your manufacturing operations safe from cyber threats.

Contact Us