Cybersecurity in Manufacturing: Targeting Trade Secrets and New Technology

Global competition and threat actors looking for a competitive advantage make manufacturer trade secrets a prime target for cyberattacks.

Jan 29, 2019

Over the past several months, we have seen a string of corporate data breaches. The diverse set of enterprise targets make it clear that no company is safe from cyberattacks and while attacks occur in every industry, the manufacturing industry is in a unique position. Global competition and threat actors looking for a competitive advantage make manufacturer trade secrets a prime target for cyberattacks.

Beyond the value of this proprietary information, the growing prevalence of connected technologies, which increase production and efficiency, unfortunately also create additional avenues for attack. The manufacturing industry as a whole needs to take cybersecurity threats more seriously and increase defenses as these attacks result in financial loss, production downtime and damaged reputations and relationships.

Cyber-espionage: Targeting a Manufacturer’s Trade Secrets

Verizon’s 218 Data Breach Investigations Report found that across all industries, most attacks are opportunistic, while 86 percent of attacks impacting manufacturers are targeted acts of cyber-espionage. That is because cybercriminals targeting manufacturers are most often trying to obtain the planning, research and development of a manufacturer’s products. Why put in the effort when you can just steal someone else’s ideas? Almost half (47 percent) of manufacturing breaches covered in the 2018 report involved the theft of intellectual property to gain competitive advantage. To put that number into perspective, only 13 percent of breaches across all industries analyzed in the report were motivated by espionage. Manufacturers work hard to remain competitive on a global scale and as competition increases, so does the demand for stolen intellectual property. 

Manufacturers have also adopted new innovations such as Internet of Things (IoT) devices and machine learning on a large scale to keep pace with an evolving industry. These technologies increase productivity but they also increase the risk of cyberattack. According to Deloitte’s 2016 Global Manufacturing Competitiveness Index, CEOs say advanced manufacturing technologies like IoT, predictive analytics and smart products and factories, are essential to remaining competitive. In fact, Verizon’s State of the Market: Internet of Things 2017 found an 84 percent increase in IoT network connections in the manufacturing industry between 2016 and 2017. Adopting these technologies is essential for success but this creates a challenge in how to balance the increased efficiency while reducing the security risk associated with connected devices.

So who is carrying out cyberattacks on manufacturers? Verizon’s report found that manufacturing was one of the only industries in which state-affiliated actors were a main threat actor. However, external actors are not the only concern when it comes to cybersecurity in the manufacturing industry. Most external espionage cases begin with some type of phishing attack—cybercriminals send out phishing emails with the hopes that an unsuspecting employee will take the bait. On average, four percent of the targets in any given phishing campaign will click it. Employees can be an organization’s greatest asset but when it comes to a phishing cyberattack, they can also be a significant liability, which is why cybersecurity education is important for employees at any level.

Moreover, employees are not always the victims in cyberattacks—they may also be the perpetrators. Like external threat actors, employees may intentionally steal intellectual property to gain a competitive advantage.

Best Cybersecurity Practices for Manufacturers

There is no doubt that manufacturers are a prime target for cybercrime and they will likely continue to be bombarded with phishing attempts and cyberespionage attacks. Luckily, there are several tactics manufacturers can adopt to stay a step ahead of cybercriminals.

  • Data Storage and Access: Keep highly sensitive and secret data separated from the rest of your network. Restrict access to data to only those individuals who absolutely require it to do their jobs. It is also important to monitor that access routinely to ensure the data is not being copied, moved or accessed in a suspicious manner.
  • Data Loss Prevention: Implement data loss prevention (DLP) controls to identify and block transfers of data by employees. It is not only state-affiliated actors who can pose a threat—employees may also be motivated to steal secrets, especially those who are terminated or resigning.
  • Employee Security Education: Most external espionage cases begin with some type of phishing attack. You should conduct routine security training for employees to lessen the effectiveness of phishing attempts. Also, provide employees with a quick and easy way to report these kinds of attacks and encourage them to do so.
  • Security for Connected Devices: Adopt security measures designed specifically for IoT systems, such as a security credentialing service designed to help reduce many of the security threats linked with today’s IoT deployments. Just as user names and passwords allow employees to access various networks and devices, security credentials issued to connected devices enable only trusted devices to communicate with the enterprise infrastructure.
  • Multi-Factor Authentication: Thirty-four percent of security incidents in the manufacturing industry in 2017 involved malware. Once a hacker steals an employee’s login credentials, they can spread a virus throughout a manufacturer’s systems. To prevent the spread of viruses to other parts of a network, manufacturers should implement multi-factor authentication (MFA) to access systems, adding an additional layer of security.

Manufacturers face threats from both external and internal actors. Trade secrets are too valuable not to protect and manufacturers cannot afford to get lax in their cybersecurity practices. Armed with the knowledge of where they are must vulnerable, manufacturers will be better positioned to protect their intellectual property and prevent attacks motivated by cyberespionage.

Michael Kotelec Global Practice Leader with Verizon Enterprise Solutions.

Read Next
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
April 5, 2024
Latest in Cybersecurity
All-In-One Manufacturing Management
Sponsored
All-In-One Manufacturing Management
April 17, 2024
Ransomware
Report Shows Updated Ransomware Concerns
April 18, 2024
Cybersecurity In A Bubble
Responding to Emerging Risks and Attack Vectors
April 18, 2024
Ep89
Security Breach: Weaponizing Secure-By-Design
April 18, 2024
Related Stories
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
I Stock 1251037786
Cybersecurity
What is Volt Typhoon?
This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Saturday, Nov. 25, 2023. The hacked device was in a pumping booster station owned by the Municipal Water Authority of Aliquippa. An electronic calling card left by the hackers suggests they picked their target because it uses components made by an Israeli company.
Cybersecurity
Congressmen Ask DOJ to Investigate Water Utility Hack
All-In-One Manufacturing Management
Sponsor Content
All-In-One Manufacturing Management
More in Cybersecurity
Intuitive and Flexible Manufacturing ERP
Sponsored
Intuitive and Flexible Manufacturing ERP
Acumatica looks to offer new solutions.
April 17, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Video
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Siemens Image 1
Cybersecurity
An Automatic Cyber Response Solution
The platform works to isolate and quarantine the infected production equipment during an attack.
April 11, 2024
Financial Cyber
Cybersecurity
1 in 5 S&P 500 Companies Reported Breaches Last Year
Ransomware demands and supply chain targeting continues to escalate.
April 11, 2024
Soc
Cybersecurity
How Oversight Impacts Enterprise Level Cybersecurity
A new report examines the benefits being realized by higher-level cyber scrutiny.
April 11, 2024
Ep88tn2
Video
Security Breach: Over-Connectivity and Mobile Defeatism
The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.
April 11, 2024
Ldra
Cybersecurity
Platform Offers Actionable Security Analysis & Reporting
New vulnerability heat maps help remediate critical issues sooner.
April 10, 2024
Zero Trust Maxxa Satori
Cybersecurity
Research Shows Increased Zero Trust Adoption In Industrial Sectors
The strategy is being implemented across IT and OT environments.
April 10, 2024
Container Ship At Port And Cargo Plane 000071988275 Large
Cybersecurity
Protecting Ships from Cyber Terrorism
Cargo ships feature a number of connected operational technologies - making them vulnerable to cyberattacks.
April 10, 2024
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
The safeguard minimizes the risk a harvest will be interrupted by cyber threats.
April 5, 2024
People Cyber Metamorworks
Cybersecurity
The Weakest Link in Manufacturing Cybersecurity
An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain.
April 4, 2024
Industrial Cyber
Cybersecurity
Nozomi Extends Partnership with Yokogawa
OT and IoT visibility and threat detection capabilities are now part of Yokogawa’s Cybersecurity Managed Services.
April 3, 2024
Soc
Cybersecurity
Everyone's Responsibility: Building a Cybersecurity-Centric Culture
Cybersecurity leaders must go beyond checking a box and get creative to actually change behavior.
April 3, 2024