The Manufacturing sector has come under an increasing number of cyber attacks over the past few years because of the growing interconnectedness between IT and Operational Technology (OT). Organizations in the sector have traditionally prioritized operational speed and efficiency over cyber risk management – something that may not have created huge security issues at a time when there was a clear separation between OT and IT. However, with more manufacturing technology (often older and less secure than IT) and processes now exposed to the internet, it’s getting harder for manufacturers to secure their operations and data against attacks. According to PwC’s 2023 Global Digital Trust Insights study, the use of “outdated software and vulnerability management tools” is the biggest security challenge in the sector.
Businesses’ increasing dependence on third parties for monitoring and maintenance further exacerbates the problem, with remote access requirements introducing more security gaps into their IT environments.
Cybersecurity challenges for manufacturers:
- Growing IT-OT convergence – Traditionally, IT and OT, which comprises the systems that manage, monitor and control industrial operations and manufacturing equipment, have functioned separately with different, unconnected architectures. This has changed over the past several years, with more organizations connecting IT and OT processes and technologies for increased efficiency and smoother operations. While this has numerous benefits, it also significantly expands manufacturing organizations’ attack surface, and exposes OT to cyber threats that businesses didn’t have to worry about ten years ago, and hence did not prepare for. OT components are usually older, not frequently patched, and not built to deal with the kinds of threats that they are now vulnerable to, thanks to greater internet exposure and new entry points for attackers.
- Lack of cybersecurity expertise – Manufacturing organizations have always focused more on speed of operations, efficiency and continuous uptime than on cybersecurity. Prior to digital transformation initiatives, industrial processes ran in isolated, protected environments. This has changed now, but manufacturing organizations that have traditionally focused on operational efficiency do not yet have the cybersecurity expertise to handle new threats and build systems that allow secure IT-OT interoperation.
- Legacy manufacturing technology – One of the biggest cybersecurity challenges for manufacturing organizations is the legacy technology that they often depend on to run equipment and processes. Older manufacturing technology is not easily replaceable, and often doesn’t connect seamlessly with modern security tools, leaving big gaps in environments where legacy tech is exposed to the internet but not sufficiently protected.
- Increasing supply-chain risks – As with other sectors, manufacturing too is growing increasingly dependent on third parties and vendors who may themselves be using the services of companies further down the supply chain. Companies may need to provide remote access to external partners for monitoring, maintenance or other purposes, introducing more security unknowns and complexities in their cyber risk landscape.
- Low tolerance for downtime – Manufacturers are often more vulnerable to extortion and ransomware than others because of their low tolerance for downtime. Many organizations stand to lose much more than revenue if operations are disrupted. Attacks on suppliers for critical services and public infrastructure, in particular, can even lead to loss of life in extreme situations. This need for 24/7 uptime is exploited by cybercriminals who deploy attacks for financial gain. A study by Sophos found that the average ransom amount paid by manufacturers in 2021 was USD 2,036,189 – almost three times the global cross-sector average. As many as 32 percent of attacks in the sector lead to extortion.
Historically, the biggest motive for attacks against Manufacturing has been espionage and getting access to intellectual property and industry secrets. This has been replaced by financial gain over the past few years, with Verizon’s most recent Data Breach Investigations Report finding that 88 percent of attacks in 2021 were motivated by financial gain. According to IBM’s 2022 Cost of a Data Breach report, the average cost of a breach in the industrial sector, comprising chemical, engineering and manufacturing organizations, went up from USD 4.24 million to USD 4.47 million in 2022 – a 5.4 percent increase. Top attack patterns included System Intrusion, Basic Web Application Attacks and Social Engineering, with the use of stolen credentials being the number one initial access method.
Attractive target for ransomware because companies can’t afford downtime
Manufacturers are easy targets for ransomware because they cannot afford operational disruptions and downtime. According to Sophos’ “The State of Ransomware in Manufacturing and Production 2022”, 55 percent of organizations in the sector were hit by ransomware between 2021 and 2022, with the average ransom amount paid by manufacturers – USD 2,036,189 – being almost three times the global cross-sector average. 77 percent of organizations said ransomware impacted their ability to operate, and 71 percent said attacks caused their organizations to lose revenue/business. Most organizations interviewed also said that they were strengthening their cyber defenses and changing processes to secure coverage by cyber insurance companies. “97% of manufacturing and production organizations that have cyber insurance have made changes to their cyber defense to improve their cyber insurance position.”
Recent breaches – Pepsi Bottling Ventures; Nissan North America
Recent breaches in the sector include the Pepsi Bottling Ventures breach, caused by a network intrusion followed by the installation of information-stealing malware and data extraction; and the Nissan North America breach, which resulted from an incident at a third-party service provider and affected 17,998 Nissan customers.
- Nissan: The Nissan breach led to the compromise of customers’ full names, dates of birth, and NMAC account numbers (Nissan finance account). This data had been shared with a third party that develops and tests software solutions for Nissan.
- Pepsi Bottling Ventures: The Pepsi Bottling Ventures breach impacted records including the full name, home address, financial account information (including passwords, PINs, and access numbers), State and Federal government-issued ID numbers and driver’s license numbers, ID cards, Social Security Numbers (SSNs), passport information, digital signatures and benefits and employment (health insurance claims and medical history) information of affected individuals.
What manufacturers can do for cyber risk reduction
To prevent system intrusions and breaches, manufacturers must secure their systems and the data stored on those systems by taking a holistic approach to risk reduction. This would include:
- An effective vulnerability management program for quick identification and mitigation of vulnerabilities on all assets
- Visibility into and protection of the data stored on internal systems and cloud apps
- The strengthening of system configuration settings based on best practices
- Regular cyber risk assessment and mitigation planning to help IT and security teams prioritize and mitigate their high-impact vulnerabilities first
In addition to these basic preventive controls, organizations must also deploy strong threat detection and response tools for quick detection and neutralization of threats that make it into internal networks. All businesses must develop and test incident response plans and playbooks to handle potential intrusion attempts and attacks.
To successfully manage supply chain risk, organizations should evaluate the security policies and controls implemented by their supply chain partners and vendors, and also carefully control the level of access provided to external entities.
How CYRISMA can help
CYRISMA is a multi-capability SaaS platform that combines essential cyber risk discovery, assessment, mitigation, and management tools in a single interface. Built to reduce cybersecurity complexity and costs, CYRISMA enables manufacturing organizations to streamline their risk management operations and mitigate risk more efficiently. In addition to identifying and fixing vulnerabilities, strengthening system configuration and discovering and securing sensitive data, businesses can also use CYRISMA to quantify risk in financial terms, allowing them to make better security investments that have real impact.