Why are manufacturers so susceptible to cyber security attacks?
First, hackers are now out for intellectual property - innovative processes, proprietary plans, confidential formulas, etc. - which can make it incredibly easy (and cheap, due to bypassing R&D) to copy your products and sell them for less. According to a Verizon report, over 30 percent of data breaches at manufacturing companies involved the theft of IP. This accounts for the increase in these cyber attacks.
Additionally, many manufacturing industrial control systems (ICS) are extremely vulnerable. ICS are the devices, systems, networks and controls used to operate and/or automate industrial processes. These Operational Technology (OT) and environments used to be isolated, but with Industry 4.0 and IoT technologies, integration is happening. And some of these devices are using outdated systems and connected to antiquated servers... which makes them even more exposed.
Then, there's Phishing. By far the simplest and most common way hackers are getting your information. According to the dictionary, phishing is "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers." Can your employees spot a phishing attempt? Can you? It's probably safe to say that most people have been duped at one time or another. Phishing attempts are getting more and more sophisticated.
Lastly, with the financial, tech and healthcare industries amping up their security, now manufacturing is the low-hanging fruit for cyber attackers. Small and medium-sized manufacturers are especially at risk, mostly due to lack of internal IT resources and the mindset of "my company is too small for hackers to care about."
What can manufacturers do?
If your organization relies on continuous operation, going offline and shutting down production lines due to cyber attacks is a risk you don't want to take.
Don't ignore cyber security risks. Initiate a risk management process. Allocate resources. Perform an internal and external security assessment. Invest in IT Security and ICS Security. Back up everything, from databases to QRP modifications for custom reports. Have a recovery plan.
"...Only half of those manufacturing execs surveyed said they performed targeted vulnerability or penetration testing on their industrial control systems less than monthly, and only one in five cited implementation of a secure information and event management systems (SIEM) as a top priority." -Symantec Report
You might find the Manufacturing Cyber Security Framework from NIST to be a good starting point. This framework contains five functions that organizations should continually practice:
- Identify - know the threats
- Protect - safeguard from threats
- Detect - detect potential threats
- Respond - response plan to attacks
- Recover - restore normal operations
If your organization has government contracts, you probably already know about the need for your business (and your suppliers) to be compliant with NIST 800-171. For more on that topic, read this article.
A technology partner can help you get on the right track. From helping you develop processes to performing security audits, a technology partner, like BizTech, can help you get on the right track. Have questions about cyber security? We can help.
Additional reading about manufacturing cyber security: