Cybercrime took center stage last year and threats will only become more dangerous in 2017. The cost of cybercrime to businesses is now set to reach $6 trillion annually, a recent report found.
Worryingly, because of a lack of investment in cybersecurity, the manufacturing sector is now one of the most frequently hacked industries, second only to healthcare.
Cyberthreats have evolved from targeting computers, networks and smartphones — to people, cars, railways planes and power grids.
And as industrial technology advances, manufacturers are increasingly using cloud, data analytics and mobile to improve their connectivity and infrastructure. This means a larger attack surface from which cyber criminals can infiltrate.
Businesses are reacting to the increased threat by pouring money into cyber defenses – $1 trillion globally over the next five years. But what are they protecting themselves from?
(Industrial) Internet of Things
In 2016, the largest ever Distributed Denial of Service (DDoS) attack took down hundreds of websites in the U.S., including titans like Netflix, Twitter and Reddit. A new weapon was used to launch the attacks — the Mirai botnet.
But unlike typical botnets, in which malware-infected computers bombard websites, the Mirai botnet was the first of its kind to use Internet of things (IoT) devices.
Devices — like internet-enabled DVRs and fridges — with hardcoded default passwords, were used en masse. Typically neglected in terms of cybersecurity, these products created the perfect opening for the Mirai botnet.
“The challenge we face is that many of [these products] are not designed with security in mind,” says Terence Greer-King, director of cybersecurity at Cisco. “Many users do not realize that they are essentially deploying a tiny web-enabled server in their home that could potentially be subverted to cause harm.”
And as manufacturers transition to industry 4.0, cybersecurity safeguards against these attacks will be crucial. The Industrial Internet of Things (IIoT) (the use of sensor data and machine-to-machine communication in manufacturing) allows manufacturers to pick up on inefficiencies and gain business intelligence insights.
To reap these benefits industrial networks are connected seamlessly. However, manufacturing security vulnerabilities occur because these networks operate at very different levels of trust.
IIoT devices run the risk of being used to DDoS others and their vulnerabilities also leave them open to be used against their own organisations. Consequences of these attacks on manufacturing and operational technology networks could be costly.
If an attacker changes the performance of your operational technology, you could be forced to recall your products further down the road. Unlike hacks to digital services, manufacturers can’t restore from backup.
The Mirai botnet attacks were relatively harmless, but the potential for disaster is huge. What if Mirai targeted critical infrastructure, or internet-connected hospital equipment? As more IoT devices are produced, the potential size of these botnets increases.
Manufacturers must ensure security is part of the product design, or face responsibility when their products are used as tools by cyber criminals.
Intellectual Property Theft
Twenty-one percent of manufacturers have suffered a loss of intellectual property from cyberattacks. Additionally, the 2016 Manufacturing Report from Sikich noted a rise in attacks on the sector — with theft of IP cited as a primary motive.
As cyber criminals increasingly target manufactures, the FBI now estimates that $400 billion worth of IP leaves the U.S. each year.
Within manufacturing, there are countless incidents of malicious insiders stealing a company’s IP or other confidential information for personal profit — or even revenge.
Attackers increasingly use social engineering techniques to infiltrate businesses and access intellectual property. This means the weakest link in your cyber defenses is often your own employees.
A smart hacker can easily use social media and personal email addresses to bypass typical network defenses. Attackers can then pose as a superior to get admin privileges or even blackmail victims.
Manufacturers can reduce the risk of these social engineering attacks by educating their employees on basic cybersecurity principles.
With an increasingly mobile workforce, threats arise from both personal and business devices. The impact of perimeter defences has lessened, but the need to protect your IP remains just as important. Security must be built from the endpoint — your corporate network — outwards.
Cybersecurity Skills Shortage
With a predicted shortfall of 1.5 million cybersecurity professionals, globally — and 209,000 unfilled in the U.S. alone — organizations in every vertical will struggle to fill their security roles in 2017.
As the manufacturing industry is already one of those struggling most with cybercrime, the massive shortfall in skilled cybersecurity professionals is incredibly worrying.
“Cybercrime fuelled a cybersecurity market explosion over the past five years,” says Steve Morgan, CEO at Cybersecurity Ventures. “All signs point towards a prolonged cybersecurity workforce shortage through at least 2021.”
You can’t implement your new security strategy if you lack qualified cybersecurity professionals. Manufacturers must aim to hire cybersecurity savvy professionals, who hold industry-recognised cybersecurity qualifications like the gold standard CISSP.
The cybersecurity skills shortage is one of the largest threats to the manufacturing industry and all businesses globally. Manufacturers must invest in cybersecurity or risk suffering the consequences.
Alex Bennett is a digital marketer at Firebrand Training.