Gone are the days when cyberattacks were a passing concern for technology manufacturing companies. As smart machines replace legacy equipment, the number of cyberattacks is fast-growing, increasing the risk of production slowdowns, product defects, and lower productivity.
Hackers know that many manufacturers, particularly those that have 24/7 production lines or operate in a just-in-time manufacturing environment, cannot endure a lengthy disruption without adverse business effects. This vulnerability has resulted in a sharp increase in ransomware attacks that use malicious software to hold a system hostage until a ransom is paid. Essentially, it’s a form of extortion.
The Chubb Cyber Index indicates that ransomware attacks against manufacturers exceed similar attacks against all other industry segments, including healthcare—a traditional target. Hackers believe that a hospital is more likely to pay a ransom in order to restore operations for patient safety, and they count on manufacturers doing the same to keep the factory humming.
Similarly, Verizon’s 2018 Data Breach Industry Report, which cites cyber espionage as a growing threat, reflected that data breaches affecting manufacturers had also grown. In addition to extorting a ransom, hackers are also increasingly interested in accessing a company’s research and development data, proprietary product blueprints, and intellectual property to sell on the Dark Web.
Upsides and Downsides
The enhanced threat of a cyberattack puts technology manufacturers in a new and difficult position: a formerly low-risk industry now has a high-risk profile. This is primarily due to the industry’s embrace of the Industrial Internet of Things (IIoT)—the internet-enabled connections between operational technology (OT) and information technology (IT).
Leveraging smart machines, technology manufacturers can make higher quality products, increase productivity and obtain real-time insights into the supply chain to shift production where needed. These and other benefits are attainable thanks to sensor-produced machine data that travels from OT systems to IT systems where the data is analyzed for business purposes. While these sensors can deliver great benefits to the manufacturer, they also offer a new avenue for hackers to exploit, providing a new opportunity for the data to be stolen or compromised.
The IIoT effectively widens the attack surface for hackers, and once they are in the network, they can find ways to penetrate OT systems, shutting down machinery and worse. As reported by Wired magazine, at a cyberattack conference in 2017, a nefarious “proof of concept” was introduced and executed by “white hat” hackers—the good guys—against a hypothetical technology component manufacturer. In this situation, the component specifications manufactured by a robot executing 3D printing tasks were altered to change its dimensions and composition. The adjustment resulted in a defect causing the final product to fail. Had this actually occurred and depending upon the circumstances, the outcome could have been costly to address and potentially devastating to the manufacturer’s future.
In addition to the potential data, business and productivity losses that can occur, workplace safety can also be severely compromised in a cyberattack. Automated safety control systems can be compromised in a cyber incident and fail to detect a physical safety threat, possibly causing physical injury to a worker.
Despite the very serious risks posed, the advantages of the IIoT have made it an integral part of efficient methods of production and its use will continue to increase. Consequently, technology manufacturers must strengthen the connections between their OT systems and IT systems to decrease unauthorized network intrusions. But how?
The first step in this process is to conduct a tech audit of the IT and OT systems to determine which assets are connected to the network. For instance, it is not uncommon to find an old printer connected to the network. In the past, having a random printer on the network wasn’t much of cyber risk, but now that the IT and OT systems are also on that same network, a hacker can potentially penetrate the printer’s antiquated operating system to gain entry onto the network and into the OT systems.
An audit will ferret out evidence of unauthorized wireless local area networks within the plant’s perimeter and proximity. It’s advisable for audits to adhere to the cybersecurity standards, guidelines and best practices of a certified framework, such as the one provided by the National Institutes of Standards and Technology (NIST).
Another way to buttress a network is to deploy intrusion detection and prevention systems, spam filters and antivirus programs. Many of these use so-called “blacklisting” techniques whereby firewalls and antivirus programs are configured to block known malware associated with particular IP addresses, user IDs and email addresses; however, not all bad traffic or malware can be put on a blacklist because it may not have been discovered yet. The use of “whitelisting,” in which only specific IP addresses, user IDs and email addresses are provided access to the network, is another best practice that compliments blacklisting. Both tactics, in combination with one another, provide a more comprehensive and layered system security approach.
Segment the Network
Consider an office building with a locked front door but multiple rooms with unlocked doors inside it. Once an intruder gets through the first door, he has access to the entire building. Network segmentation locks all the doors, and only those with keys can gain access to different sections of the network. When defenses against unauthorized network access are implemented, more sensitive data can be segmented behind other “doors” that are locked with higher levels of security.
Hiring a third-party penetration testing firm is another smart tactic. They employ technicians who will try to defeat security protocols and hack into the network. The lessons learned from these exercises can be used to further bolster security measures.
Managing the vendors, suppliers and other third parties that have authorized access to IT and OT systems is critical. Frequently, these parties are a hacker’s point of entry into the network. Periodic review of their access rights and contractually requiring them to maintain agreed-upon cybersecurity practices is a recommended practice.
Keep in mind, vendors add value to a business, but they also put it at increased risk. Leverage software and other due diligence methods to clear and pre-qualify third- and fourth-party vendors before they even enter the business ecosystem.
Last but not least, it’s incumbent upon all companies to train and educate their employees to detect and report evidence of a phishing attack or other forms of malicious programming, given the role that social engineering plays in hackers’ strategies. Some manufacturers also perform mock phishing attacks to uncover specific vulnerabilities and improve their training programs—a smart tactic, given that the Chubb Cyber Index notes that more than 30 percent of cyber claims in 2018 involved phishing attacks.
Leverage Cyber Insurance Services
The IIoT is here to stay given its profound business benefits. Hackers and cyber threats aren’t going away either. As of March 7, 2019, the Chubb Cyber Index indicated that 588,585,556 records belonging to insureds have been exposed to hackers. Now is the time to take action.
Veronica Somarriba is executive vice president of manufacturing and technology commercial insurance at Chubb.