Top Cybersecurity Threats To Manufacturing In 2017

The manufacturing sector is amongst the most frequently hacked and the forecast for 2017 is dire. These are the escalated cybersecurity challenges manufacturers must overcome.

Mar 16, 2017
Mnet 191657 Cyberattacks 0
Alex BennettAlex Bennett

Cybercrime took center stage last year and threats will only become more dangerous in 2017. The cost of cybercrime to businesses is now set to reach $6 trillion annually, a recent report found.

Worryingly, because of a lack of investment in cybersecurity, the manufacturing sector is now one of the most frequently hacked industries, second only to healthcare.

Cyberthreats have evolved from targeting computers, networks and smartphones — to people, cars, railways planes and power grids.

And as industrial technology advances, manufacturers are increasingly using cloud, data analytics and mobile to improve their connectivity and infrastructure. This means a larger attack surface from which cyber criminals can infiltrate.

Businesses are reacting to the increased threat by pouring money into cyber defenses – $1 trillion globally over the next five years. But what are they protecting themselves from?

(Industrial) Internet of Things

In 2016, the largest ever Distributed Denial of Service (DDoS) attack took down hundreds of websites in the U.S., including titans like Netflix, Twitter and Reddit. A new weapon was used to launch the attacks — the Mirai botnet.

But unlike typical botnets, in which malware-infected computers bombard websites, the Mirai botnet was the first of its kind to use Internet of things (IoT) devices.

Devices — like internet-enabled DVRs and fridges — with hardcoded default passwords, were used en masse. Typically neglected in terms of cybersecurity, these products created the perfect opening for the Mirai botnet.

“The challenge we face is that many of [these products] are not designed with security in mind,” says Terence Greer-King, director of cybersecurity at Cisco. “Many users do not realize that they are essentially deploying a tiny web-enabled server in their home that could potentially be subverted to cause harm.”

And as manufacturers transition to industry 4.0, cybersecurity safeguards against these attacks will be crucial. The Industrial Internet of Things (IIoT) (the use of sensor data and machine-to-machine communication in manufacturing) allows manufacturers to pick up on inefficiencies and gain business intelligence insights.

To reap these benefits industrial networks are connected seamlessly. However, manufacturing security vulnerabilities occur because these networks operate at very different levels of trust.

IIoT devices run the risk of being used to DDoS others and their vulnerabilities also leave them open to be used against their own organisations. Consequences of these attacks on manufacturing and operational technology networks could be costly.

If an attacker changes the performance of your operational technology, you could be forced to recall your products further down the road. Unlike hacks to digital services, manufacturers can’t restore from backup.

The Mirai botnet attacks were relatively harmless, but the potential for disaster is huge. What if Mirai targeted critical infrastructure, or internet-connected hospital equipment? As more IoT devices are produced, the potential size of these botnets increases.

Manufacturers must ensure security is part of the product design, or face responsibility when their products are used as tools by cyber criminals.

Intellectual Property Theft

Twenty-one percent of manufacturers have suffered a loss of intellectual property from cyberattacks. Additionally, the 2016 Manufacturing Report from Sikich noted a rise in attacks on the sector — with theft of IP cited as a primary motive.

As cyber criminals increasingly target manufactures, the FBI now estimates that $400 billion worth of IP leaves the U.S. each year.

Within manufacturing, there are countless incidents of malicious insiders stealing a company’s IP or other confidential information for personal profit — or even revenge.

Attackers increasingly use social engineering techniques to infiltrate businesses and access intellectual property. This means the weakest link in your cyber defenses is often your own employees.

A smart hacker can easily use social media and personal email addresses to bypass typical network defenses. Attackers can then pose as a superior to get admin privileges or even blackmail victims.

Manufacturers can reduce the risk of these social engineering attacks by educating their employees on basic cybersecurity principles.

With an increasingly mobile workforce, threats arise from both personal and business devices. The impact of perimeter defences has lessened, but the need to protect your IP remains just as important. Security must be built from the endpoint — your corporate network — outwards.

Cybersecurity Skills Shortage

With a predicted shortfall of 1.5 million cybersecurity professionals, globally — and 209,000 unfilled in the U.S. alone — organizations in every vertical will struggle to fill their security roles in 2017.

As the manufacturing industry is already one of those struggling most with cybercrime, the massive shortfall in skilled cybersecurity professionals is incredibly worrying.

“Cybercrime fuelled a cybersecurity market explosion over the past five years,” says Steve Morgan, CEO at Cybersecurity Ventures. “All signs point towards a prolonged cybersecurity workforce shortage through at least 2021.”

You can’t implement your new security strategy if you lack qualified cybersecurity professionals. Manufacturers must aim to hire cybersecurity savvy professionals, who hold industry-recognised cybersecurity qualifications like the gold standard CISSP.

The cybersecurity skills shortage is one of the largest threats to the manufacturing industry and all businesses globally. Manufacturers must invest in cybersecurity or risk suffering the consequences.

Alex Bennett is a digital marketer at Firebrand Training

Read Next
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
April 5, 2024
Latest in Cybersecurity
All-In-One Manufacturing Management
Sponsored
All-In-One Manufacturing Management
April 17, 2024
Financial Cyber
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
April 19, 2024
Industrial Cyber
Hexagon, Dragos Announce Partnership
April 18, 2024
Ransomware
Report Shows Updated Ransomware Concerns
April 18, 2024
Related Stories
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
I Stock 1251037786
Cybersecurity
What is Volt Typhoon?
This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Saturday, Nov. 25, 2023. The hacked device was in a pumping booster station owned by the Municipal Water Authority of Aliquippa. An electronic calling card left by the hackers suggests they picked their target because it uses components made by an Israeli company.
Cybersecurity
Congressmen Ask DOJ to Investigate Water Utility Hack
Manufacturing Business Management
Sponsor Content
Manufacturing Business Management
More in Cybersecurity
Manufacturing Business Management
Sponsored
Manufacturing Business Management
Acumatica looks to offer new solutions.
April 17, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Video
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Siemens Image 1
Cybersecurity
An Automatic Cyber Response Solution
The platform works to isolate and quarantine the infected production equipment during an attack.
April 11, 2024
Financial Cyber
Cybersecurity
1 in 5 S&P 500 Companies Reported Breaches Last Year
Ransomware demands and supply chain targeting continues to escalate.
April 11, 2024
Soc
Cybersecurity
How Oversight Impacts Enterprise Level Cybersecurity
A new report examines the benefits being realized by higher-level cyber scrutiny.
April 11, 2024
Ep88tn2
Video
Security Breach: Over-Connectivity and Mobile Defeatism
The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.
April 11, 2024
Ldra
Cybersecurity
Platform Offers Actionable Security Analysis & Reporting
New vulnerability heat maps help remediate critical issues sooner.
April 10, 2024
Zero Trust Maxxa Satori
Cybersecurity
Research Shows Increased Zero Trust Adoption In Industrial Sectors
The strategy is being implemented across IT and OT environments.
April 10, 2024
Container Ship At Port And Cargo Plane 000071988275 Large
Cybersecurity
Protecting Ships from Cyber Terrorism
Cargo ships feature a number of connected operational technologies - making them vulnerable to cyberattacks.
April 10, 2024
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
The safeguard minimizes the risk a harvest will be interrupted by cyber threats.
April 5, 2024
People Cyber Metamorworks
Cybersecurity
The Weakest Link in Manufacturing Cybersecurity
An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain.
April 4, 2024