As cybersecurity awareness and capabilities are improving each year, the sophistication and number of cyber-attacks and the capabilities of cybercriminals are keeping pace.
One example can be seen with the introduction of AI and machine learning tools into the mainstream. These tools are changing the cybersecurity landscape by allowing organizations to analyze immense amounts of data and scan intricate digital infrastructures to identify vulnerabilities within a system in a fraction of the time and cost that was done previously.
This is great news for the cybersecurity industry, which continues to face an increasing talent shortage. However, cybercriminals have access to the same AI and machine learning tools and they are adapting them to create more sophisticated attacks and to find the most vulnerable and lucrative targets. This is alarming for every organization out there that is struggling to keep up with changing technologies coupled with a shortage of cybersecurity professionals.
But which industries are the most at risk, and who has the most to lose?
When it comes to which industries may be the most at risk and who has the most to lose, the manufacturing industry always falls near or at the top of that list. The industrial sector continue to be targeted year after year by cybercriminals looking to steal intellectual property, shut down production facilities for ransom, and inflict as much damage as possible.
Let’s take a look at some of the main reasons cybercriminals choose to target manufacturing, as well as which segments of the industry are the most at risk.
A Prime Target
Manufacturing is a high-value target for cybercriminals looking to steal intellectual property, access sensitive customer and vendor data, and shut down industrial plants for large payouts.
The average cost of a data breach in the manufacturing industry was approximately $4.47 million in 2022, an increase of 5.4 percent over 2021. Additionally, most experts believe that the average cost of a data breach in the manufacturing industry is expected to be even higher in 2023 as manufacturers become more reliant on technology to automate plants and processes.
Although the financial damages of a data breach within the manufacturing industry are troublesome, there is also a threat to human life that can keep OT/IT professionals awake at night. The sector contains what the U.S. government considers “critical infrastructure entities”. Critical infrastructure entities are companies that possess assets, systems, and networks (both physical and virtual) that are considered vital to the United States because their incapacitation or destruction would have a debilitating effect on national security, economic security, public health, and safety.
Increased dependence on technology and automation, coupled with a shortage of cybersecurity talent, especially OT cybersecurity talent, means that the manufacturing industry is going to remain a top high-value target for cybercriminals across the globe.
Keep in mind that it’s not just large organizations in the manufacturing and industrial sectors that are the most at risk. It’s the small businesses that may make easier targets for data breaches. Even the most niche manufacturers will have to rely on secure CRM tools and other SaaS cybersecurity solutions just to maintain private communications with their customers.
Whether you are a small business or a large-scale enterprise, it is going to be a challenging year when it comes to combating cybercrime. Here are the top segments of the manufacturing industry at the most risk for cyber attacks in 2023:
The automotive industry is no stranger to cyber threats, as cybercriminals have been targeting the automotive industry on every level for years.
From attacking and shutting down connected vehicles to exploiting vulnerabilities in software updates for electric cars, hackers are constantly trying to figure out ways to profit from hacking the automotive industry and its customers. When you consider the fact that upwards of 70 percent of people in the United States and Canada are considering an electric vehicle for their next car purchase, it’s easy to see how everyday people can be affected. Hackers can take control of connected and self-driving vehicles for ransom or to cause serious harm by shutting down the engine on a busy freeway.
On a large scale, hackers have been targeting manufacturing plants and supply chains. It was famously in 2017 that Renault-Nissan experienced a ransomware attack that successfully shut down five different production plants in England, France, Slovenia, Romania, and India. The five plants immediately needed to be disconnected from the larger network to prevent infecting additional plants. It took three days to get the plants back online, costing Renault-Nissan millions of dollars in lost productivity.
Although the exact figures of how much damage Renault-Nissan suffered as a result of the ransomware were not fully disclosed, this cyber breach is estimated to be one of the largest and most costly in recent years for the manufacturing industry.
2. Food and Beverage
As automation, data gathering, and remote access become more ubiquitous and important in the food and beverage industry, the task of assessing vulnerabilities has become overwhelming. Many of the recent, successful ransomware attacks were a result of exploiting a vulnerability on the business information technology side that then gave the hackers access to the operational technology side.
Because many manufacturers have not been able to separate their IT and OT systems from one another, cybersecurity professionals are left to oversee a monolithic digital infrastructure that can contain many different security requirements, attack vectors, and vulnerabilities for cybercriminals to exploit. One phishing email sent to a person in HR at HQ can give hackers the ability to install malware or ransomware at manufacturing and production plants anywhere the business operates.
One famous example is what happened to Mondelez in 2017. Mondelez is a multinational food and beverage company that suffered a malware attack that stole thousands of user credentials and permanently damaged over 1,700 servers and 24,000 laptops. At the same time, the malware shut down production facilities around the globe, and operations ground to a halt. It is estimated that this one single malware attack cost Mondelez nearly $100 million in damages.
The chemical manufacturing sector is another top target for cybercriminals. Although the chemical manufacturing sector is just as susceptible to malware and ransomware attacks that can cease operations and cost a company large sums of money, it is also highly susceptible to data theft.
The main reason for this is that the chemical manufacturing industry contains incredible amounts of intellectual property that includes patents, emerging technologies, new products, and research information.
This kind of intellectual property would be extremely valuable to other competing nations or companies, and if a cybercriminal were able to steal it, they could sell it to the highest bidder on the black market for quite a bit of money. What is troublesome, is that threat actors don’t have to be cybercriminals hiding behind their computers in their basements, they could also be employees. This was the case for DuPont.
In 2007, it was discovered that a research chemist had stolen over 22,000 abstracts and 16,706 documents from DuPont’s electronic data library. The stolen information was said to contain data on DuPont’s primary technologies and products as well as, at the time, details about current research and development projects. After the arrest of the employee, DuPont estimated that the fair market value of the information stolen was in excess of $400 million.
The above three segments of the manufacturing industry are among the most heavily targeted by cybercriminals headed into 2023. Not only can cyber attacks be financially damaging by threat actors who steal intellectual property to sell to foreign adversaries and domestic competitors, or who shut down operations at plants for ransom, they can be a threat to national security and public safety.
Additionally, it may not just be threat actors looking for a payout who would target the manufacturing and industrial sector, but it could be terrorist organizations or foreign governments looking to inflict as much harm to the United States as they can by disrupting daily life.
Due to the significant damage a cyber-attack could inflict on the United States through a targeted attack within the manufacturing and industrial sectors, Congress enacted the Strengthening American Cybersecurity Act in March of 2022. This legislation contains many critical components designed to strengthen cybersecurity and ensure transparency in reporting, requiring all critical infrastructure entities to report all substantial cyber incidents within seventy-two hours and any ransomware payment within twenty-four hours.
This may offer business owners some comfort, but that doesn’t mean they should let down their guard. Smaller businesses in the manufacturing industry will continue to be among the most commonly targeted by cybercriminals.