If you believe cyber criminals exclusively target technology or larger companies because of their rich transactional and confidential data, you would be mistaken. Small to mid-size manufacturers have troves of critical IP and confidential data making them just as valuable and vulnerable to cyberattacks. But Manufactures share a big difference, they also have large parts of their operations run by robotics and automation using new technologies like RPA and IoT. Because these technologies are newer, they have big opportunities for cyber criminals to exploit and breach. Manufacturers also have a much smaller or non-existent cybersecurity budget to combat this growing threat.
In fact, the FBI recently stated Manufacturers face a 10X surge in cyberattacks between now and 2021! That same report cited cybercrime as the greatest threat to every profession, every industry, and every company in the world. If your reaction was "UGH" to that prediction hopefully you are motivated to explore professionally securing your business.
Based on research by SC Media and what we see with our customers, here are the top 4 ways manufacturers face being breached:
- IoT AND RPA: Manufacturers are cramming online connectivity via sensors into new models of everything from fridges and cars to doorbells and machinery. Each element of this “Internet of Things” (IoT) provides an opportunity for cybercriminals, who can hijack them and use them as a gateway to attack more lucrative targets. Hewlett Packard has said it reckons 70% of IoT devices are vulnerable to hacking. A favorite tactic is to use compromised devices to install “bots” (“web robots”, or autonomous software programs that perform simple tasks), which can launch so-called distributed denial of service (DDoS) attacks. The upshot is that multiple devices are used in a coordinated attack to overwhelm a victim’s system by flooding it with traffic. One such “botnet”, the Mirai botnet, was used in 2016 to cripple some of the internet’s biggest sites, including Twitter, Airbnb and Netflix. If those businesses can be crippled what would happen to yours?
- THE CLOUD: Cloud environments aren’t going away anytime soon. Cloud adoption is expected to grow at 12.4% annually until 2025. When you need to get started in a new cloud environment, or secure an existing one, penetration testing and vulnerability management is the place to start and understanding all the configurations is critical to security. You must understand how vulnerable your cloud is even if it is in AWS or Azure.
- MONITORING: Are your eyes on the prize…or your business? Only 3%, 3 measly percent of manufacturers engage in a SOC-as-a-Service to monitor and protect their digital assets 24X7X365. Some think it’s too expensive. I encourage you to inquire, it’s not as expensive as you might think these days as costs have come down quite a bit for complete protection.
- POLICIES AND PROCEDURES: Research suggests as many as 1 in 20 manufacturers may not have a cyber incident / data security plan. Furthermore, most manufacturers may not know whether their plans are fit for purpose or risk or how their insurance may or may not cover them based on their plans. This is low hanging fruit; table stakes, every manufacturer can address. Inexpensively.
These are the top 4, unfortunately there are numerous others including employee training for phishing attacks—a type of threat that is also skyrocketing. The point is this, small to mid-size manufacturers face cyberattacks by hardened cybercriminals because of the troves of IP and confidential data they have and the smaller cyber defense budgets that make breaches easier. The time to defend your business is now before you make the news and your customers lose faith.
Need cybersecurity advice? Contact Tony Pietrocola, Co-Founder of Manufacturing Works' member Agile1—a premier cybersecurity and cyber engineering company determined to help its customers mitigate risks.