Cyberattacks In M&D: A Growing Threat Requires Top-Level Attention

With cyberattacks in the manufacturing and distribution (M&D) sector on the increase, senior management must take the lead in focusing attention on the growing threat — and in developing effective countermeasures.

Dec 21, 2016

With cyberattacks in the manufacturing and distribution (M&D) sector on the increase, senior management must take the lead in focusing attention on the growing threat — and in developing effective countermeasures.

For many years, the most obvious (and most lucrative) targets for cyber criminals were in industries such as online and retail sales, financial services, and, more recently, healthcare. These industries have begun shoring up their defenses and improving their cybersecurity efforts, so attackers are moving on to other targets. Today the M&D sector is in the crosshairs.

In the face of these rising threats, manufacturing executives should assess their vulnerability to new types of attack. At the same time, M&D organizations also should examine the effectiveness of their cybersecurity operations — in terms of both reducing the likelihood of a successful attack and limiting the damage when a breach does occur.

Manufacturers’ Growing Vulnerability

According to the 2016 Cyber Security Intelligence Index published by IBM X-Force Research, manufacturing is now one of the most frequently hacked industry sectors, second only to healthcare and surpassing the financial services and retail sectors. Automotive and chemical manufacturers were the most frequently targeted businesses within the manufacturing sector, according to IBM.

Other sources confirm the trend. For example, in January 2016 the U.S. Department of Homeland Security reported that during fiscal year 2015 it had investigated almost twice as many cyberattacks in the critical manufacturing sector as it had the year before.

At the same time, M&D businesses’ vulnerability to cyberthreats is being heightened by technological advances and the growing use of technology itself. Among the many ways that technology has changed manufacturing, several merit special mention:

  • The growth of intellectual property. In the information age, virtually all manufacturing businesses own proprietary software and other data that has inherent value and must be protected against loss, theft, or damage.
  • Smart manufacturing. Multimillion-dollar computerized operating and business systems control crucial production and management systems — frequently with access via wireless devices or internet connections. Because such systems often are linked and not properly segmented, they can be vulnerable to attacks and breaches.
  • Internet of things. Expensive and highly specialized production equipment often is supported by off-the-shelf internet-connected devices such as cameras, routers, and wireless access points. Such plug-and-play devices are convenient and low-cost, but every unsecured device running in its default configuration is a potential access point for hackers.

Today’s Threats

In trying to anticipate cyber crime threats, it’s important to remember that, generally speaking, cyber criminals don’t attack just because there’s a vulnerability. They attack because they see an opportunity to monetize that vulnerability. A 2016 Ponemon Institute survey of 304 individuals who admitted being involved in cybersecurity threats revealed that, while some attackers said they are motivated by other reasons, 69 percent said they are simply in it for the money.

Most respondents also agreed that automated hacking tools and specialized hacking toolkits have helped make their activities more cost-effective. Such tools have contributed to the prevalence of several of today’s most widespread schemes:

  • Ransomware. This malicious software holds critical data hostage while the attacker demands the company pay a ransom to regain control. For large organizations, ransom demands in the tens of thousands of dollars are not uncommon. One particularly malicious variation begins to systematically destroy the captured data if the victim does not meet the demand quickly enough. The FBI recently reported that a single strain of ransomware was responsible for more than $18 million in losses in almost 1,000 instances over a 14-month period — and that is only one example.
  • Whaling. These highly targeted, intelligent attacks often use social media research to identify relationships within organizations — particularly individuals with access to bank accounts. After researching and identifying a target, hackers send deceptive emails, faxes, or instant messages that appear to be legitimate authorization from a CEO or other high-ranking executive to make a fund transfer or execute a fraudulent transaction.
  • Spear phishing. A step up from common phishing schemes that target random users, spear phishing attacks are researched and targeted, often posing as messages from law enforcement agencies or legitimate business organizations. The goal is to trick users into clicking on a link that enables the hacker to introduce ransomware or other malware that can provide access to sensitive information.

Assessing Your Preparedness

Ransomware and other targeted attacks can have a devastating impact on M&D operations. The first step in upgrading a company’s defenses is an objective and systematic assessment of its current level of preparedness. As a starting point, M&D executives should be asking their IT and security teams some basic questions about potential areas of concern such as:

  • Email filtering. Are we effectively filtering potential threats?
  • Social engineering. Do our employees have an appropriate level of security awareness so they are less likely to be tricked by malicious parties?
  • Endpoint protection. Will our endpoint security solution correctly identify and mitigate malicious hardware, software, and behaviors attempting to gain access to our network?
  • Propagation. Have we performed penetration testing to determine a malicious actor’s ability to move around within our network if it is breached?
  • Data backup procedures. Are backups conducted regularly and automatically, and are procedures tested to verify that they work as intended?
  • Data exfiltration. Can sensitive data be removed from the network? Can we detect when an outside actor is gaining access to our data?
  • Incident response. Have effective incident response procedures been implemented and communicated throughout the organization?

As with so many issues, the tone set by senior management is crucial. Boards and executive teams must make it clear that cybersecurity is not just an IT problem. Rather, it is an enterprisewide risk that threatens essential business and production systems and has the potential to completely disrupt critical operations.

Above all, management must actively work to establish a corporate culture in which employees in all areas of the organization are acutely aware of the risk and recognize that they are the first line of defense against this serious — and still growing — threat to M&D operations.

Kiel Murray, CISSP; Mike Porter and Chris Wilkinson, CISSP, CRISC are all with Crowe Horwath.

Read Next
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
April 5, 2024
Latest in Cybersecurity
All-In-One Manufacturing Management
Sponsored
All-In-One Manufacturing Management
May 1, 2024
Ransomware
Report Identifies Hidden Costs, Challenges of Ransomware
April 25, 2024
Ep90
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Transportation and Logistics Under Siege
April 24, 2024
Related Stories
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
I Stock 1251037786
Cybersecurity
What is Volt Typhoon?
This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Saturday, Nov. 25, 2023. The hacked device was in a pumping booster station owned by the Municipal Water Authority of Aliquippa. An electronic calling card left by the hackers suggests they picked their target because it uses components made by an Israeli company.
Cybersecurity
Congressmen Ask DOJ to Investigate Water Utility Hack
Manufacturing Business Management
Sponsor Content
Manufacturing Business Management
More in Cybersecurity
Manufacturing Business Management
Sponsored
Manufacturing Business Management
Acumatica looks to offer new solutions.
May 1, 2024
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
Too many are paying, and the reasons range from understandable to infuriating.
April 25, 2024
Ep90
Video
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Coding
Cybersecurity
CISA Releases 7 ICS Advisories
Unitronics, Rockwell and Mitsubishi head the list.
April 19, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Video
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Siemens Image 1
Cybersecurity
An Automatic Cyber Response Solution
The platform works to isolate and quarantine the infected production equipment during an attack.
April 11, 2024
Financial Cyber
Cybersecurity
1 in 5 S&P 500 Companies Reported Breaches Last Year
Ransomware demands and supply chain targeting continues to escalate.
April 11, 2024