Manufacturers have fallen victim to some of the worst cyberattacks in recent memory.
Two specific ransomware incidents, WannaCry and Petya, dominated headlines in 2017, causing significant damage across industries in multiple countries. Major organizations, like the U.S.-based pharmaceutical giant Merck, had their manufacturing operations crippled when ransomware took control of employee computers all over the world. The cost of the June cyberattack for the international drugmaker? Approximately $275 million.
As the frequency of cyberattacks increases, the manufacturing industry will remain a popular target for cybercriminals. Years of prioritizing efficiency and productivity have created gaping security holes in many manufacturing systems, leaving legacy solutions vulnerable to cyber risk. It’s also difficult to modernize large manufacturing facilities. The elaborate networks manufacturers utilize are often extremely specialized, creating a very large attack surface that is nearly impossible to manage with outdated security practices.
If manufacturers continue to put off addressing their digital weaknesses, they risk becoming the victim of the next major cyberattack.
Disparate technology pokes holes in manufacturing’s digital security
All it takes is one data breach to bring down an entire manufacturing organization. A single hack can expose decades worth of customer data, intellectual property (IP), internal operating processes and other valuable information.
In addition to stealing a manufacturer’s data, cybercriminals can also launch attacks that cause physical damage to a facility. Infected servers can cause machinery to malfunction or overheat, resulting in potential explosions at operating sites. Not only does this set manufacturers back in terms of productivity, it also deals a heavy financial blow to companies, costing American enterprises across all industries approximately $1.3 million for every data breach. A separate report found an additional 28 percent of manufacturers reported an average 14 percent on lost revenue due to attacks in 2017 alone.
The rift between legacy equipment and modern technology is one of the largest contributors to a manufacturer’s security gaps. Networked manufacturing equipment isn’t always fully compatible with modern firewalls and antivirus software. Many manufacturers adopt a policy of removing security when it conflicts with production, instead of considering modernizing their equipment or segmenting their network to isolate it.
Bad actors have gone after manufacturers for years because of historically weak security protocols and legacy equipment that lacks security by design. But as manufacturing organizations shift their priorities towards developing robust cybersecurity measures, hackers will find their once-favorite victim is no longer an easy target.
Mitigating cyber risk: how manufacturers are taking the steps to protect their organization
As long as thieves continue to profit from the selling of proprietary data on the dark web, manufacturing organizations will continue to be targets of malicious hackers. While manufacturers can’t stop criminals from deploying cyberattacks, they can take the necessary steps to establish a robust security program to thwart attempts before hackers can cause significant damage.
Developing cyber resilience ensures manufacturers not only prevent attacks but also have the tools to quickly recover in the worst case scenario. With the threat of cyber risk top of mind for manufacturers, here are several steps organizations can take today to protect their business:
- Prioritize security for business needs. Deploying holistic security measures takes time, but manufacturers should start by protecting their most valuable assets such as IP and trade secrets. Hackers are likely to target these assets first, so companies should secure their networks and develop encrypted storage for any proprietary data to mitigate massive losses. A thorough IT risk assessment can help manufacturers identify where their most sensitive information lives and work backwards to prevent future breaches.
- Educate employees on good cyber hygiene. Company-wide security measures are only effective when employees practice good cyber habits. Manufacturers should take care to educate their teams on best practices to protect both their personal and company information from hackers using phishing or brute-force attacks. When employees maintain safe cyber hygiene, they are less likely to be the root cause of potential data leaks. Manufacturers can also deploy periodic testing, for example, to ensure employees are always practicing safe habits and constantly thinking about cybersecurity.
- Conduct routine security audits. For increased protection, manufacturers should always remember to update their computer systems and work with vendors to maintain the software/firmware that runs their networked manufacturing equipment. Failure to install the latest updates can result in harmful malware exploiting software vulnerabilities, destabilizing software and enabling viruses to gain control over manufacturing facilities. In addition to fixing security flaws, software patches can also improve systems stability, provide new features and deliver bug fixes.
- Establish an incident response plan. Even the strongest security plan is subject to failure, and manufacturers must be prepared to respond in the instance they fall victim to a hack. An incident response plan details how businesses should contact their key stakeholders and how back-up systems are properly utilized in order to minimize data loss. A digital security plan should also provide employees guidance on how best to respond to a cyberattack and can help shorten a manufacturer’s recovery time following a hack.
With a thorough cybersecurity strategy in place, manufacturers can prepare their organization for cyber risk and strengthen resilience in case disaster strikes. Investing the time and resources to modernize manufacturing facilities today goes a long way in preventing tomorrow’s cybercriminals from grinding operations to a halt.
Nikolai Vargas is CTO of Switchfast.