Build it and they will come. Not only is it the famous line from a movie, but it also rings true for cybercriminals. In this case, it isn’t what is being built, but the manufacturing process itself that attracts nefarious characters. A 2022 study conducted by IBM showed that no industry is targeted by cyber attackers more than manufacturing. A 2021 study showed that 50% of manufacturers and distributors experience at least 2 information security events over a 12-month period. The assault on the manufacturing sector is not a recent phenomenon either. According to a 2019 survey conducted by Deloitte, 40% of manufacturers reported that their operations had experienced a cyberattack in the previous 12 months. There is no doubt that manufacturers are a popular target for hackers and cybercriminal organizations.
It Is All About Leverage
Leverage is pivotal in negotiations. In business dealings, parties frequently seek to establish an advantage by capitalizing on a unique resource or strategic position. For example, when autoworker contracts approach their expiration, labor unions might threaten to strike, potentially halting operations. This tactic leverages potential financial disruptions and challenges to pressure management.
Increased leverage also boosts the likelihood of a ransomware attack succeeding. This leverage in the context of ransomware arises from two key factors. The first is scalability. The more business processes that can be halted, the more leverage the attacker gains. Secondly, it’s about the financial implications as every moment that a company’s operations are interrupted corresponds to lost opportunities and mounting costs. Thus, the higher the operational costs, the steeper the ransom can potentially be. Ransomware perpetrators aim to target organizations that meet these criteria and are simultaneously heavily dependent on their IT systems. This is why according to a 2021 IBM report, more than one in five ransomware targets are launched against manufacturing organizations.
Other Contributing Reasons for Manufacturing Vulnerability
An article published in July 2023 asked the question, Why do cybercriminals love manufacturers so much? There are quite a few reasons.
- Manufacturers have a larger attack surface than most organizations.
- Some manufacturers, especially those in older industries, rely on outdated legacy systems that lack the latest security protocols and no longer receive security updates.
- Manufacturers possess a vast amount of intellectual property that makes them targets for espionage.
- Manufacturing facilities have large workforces working onsite which makes security awareness training highly challenging.
Complexity is the adversary of security. The more moving parts, the more complex the environment the harder it is to secure it. You don’t just shut down a manufacturing complex with the press of a button. Similarly, the process of bringing a manufacturing facility back up to full operation can take a full day to return to full capacity under normal circumstances. This was one of the reasons why the Colonial Pipeline, the largest pipeline system in the U.S. was targeted.
Manufacturers are Technology Dependent
Manufacturing has come a long way since the days that the Model T was assembled on the factory floor. Manufacturers have digitally transformed themselves along with the rest of the world. We are in the midst of a new industrial revolution that incorporates advanced technologies driven by the Internet of Things (IoT). Manufacturing systems today are in many ways more reliant on smart sensors and machine learning algorithms than physical workers.
Modernized manufacturing facilities now utilize automated systems and robotics to automate repetitive tasks in assembly and packaging. There, AI algorithms scrutinize this data, pinpointing even the slightest deviations in quality or production rates. This technology-driven approach underscores the evolution of manufacturing, where innovation is not just about machinery but also about harnessing data for efficiency and precision. Now add in other technologies such as digital simulation, augmented reality, and 3D printing and you quickly realize that a manufacturing facility is really a technology center.
Potential Overlaps in Responsibility
It is the Chief Operations Officer who has traditionally been responsible for the physical processes of manufacturing and operations. Prior to digital transformation, COOs have been primarily concerned with physical security, the continuous running of manufacturing processes, and the safety of employees. As connected machines and smart devices become the norm in manufacturing, the operational side is increasingly dealing with technologies that can be vulnerable to cyber threats. It is in this realm of data security and cyber defenses that the CIO is more familiar with.
Thus, the transition to a digitized complex has created a potential gray area when it comes to the responsibility for cybersecurity over these facilities. This overlap of responsibility is one more thing that cybercriminals can take advantage of. To eliminate this gap, manufacturers are moving toward a more collaborative approach that utilizes cross-functional teams that include both IT and OT professionals. Some might also have a Chief Information Security Officer (CISO) who collaborates with both the CIO and the COO to ensure that both IT and OT are adequately protected.
The Importance of Threat Intelligence
Regardless of which team is responsible for protecting manufacturing facilities from cyberattacks, threat intelligence remains the bedrock of cybersecurity. It is the fuel that powers the identification, prevention, and mitigation of cyberattacks. Much like manufacturers who must analyze vast amounts of data to pinpoint production anomalies, cybersecurity teams must trawl through countless log events and false alarms to detect potential signs of an intrusion. That is why alert prioritization is so critical as well as the ability to add context to any flagged events. To navigate their complex landscapes, some manufacturers are turning to third-party security operations centers (SOCs) to leverage security teams that are highly proficient in optimizing security controls and prioritizing security data.
Manufacturing is a highly complex venture, but so is cybersecurity. With its growing web of interconnected systems, sensors, and software, manufacturing facilities require continuous monitoring to not only enable operational resilience and efficiency but ensure security as well.