While some manufacturers may still be a ways off from creating a mature cybersecurity practice, every manufacturer should be aware of the five main cybersecurity threats to their company. Familiarizing yourself and your employees with them is the first step in reducing the risks they pose.
Ransomware
Ransomware is an increasingly dangerous threat and, unfortunately, all too common. Every business is in fear of a ransomware attack, but for manufacturers especially, it can cost them everything.
This deadly malware variant usually infects your systems when an unsuspecting employee accidentally clicks on a malicious link or attachment in a phishing email. And once someone opens this door for ransomware to creep in, it encrypts an organization’s data, possibly spreading throughout the entire network.
To regain access to their information, companies must pay the requested ransom, which is often tens of thousands of dollars. Not to mention, the cost of downtime.
That’s what makes this threat so scary and why many businesses don’t recover after being hit with ransomware. To avoid this scenario, as we mentioned above, manufacturers need to be training their employees on spotting malicious emails. Few products can prevent ransomware, it usually all comes back to one phishing email.
On top of that, manufacturers need to be backing up their data. Once ransomware has encrypted your systems, it’s extremely hard to reverse it. The easiest way out is if you have a backup of your systems. So make sure that this is a priority.
Intellectual Property Theft
The technology-driven world in which we live has made IP theft easier. Unfortunately, it’s often overlooked in favor of other types of cyber attacks. According to Deloitte, “compared with more familiar cybercrimes such as the theft of credit card, consumer health, and other personally identifiable information, IP cyber theft has largely remained in the shadows.”
This is frightening, especially for manufacturing firms, where IP is often a driving force behind their success. In this Industry Week article, one US manufacturer stated, “Most manufacturers are small to midsize shops that can’t wether the wholesale rip-off of their intellectual property.”
Innovation and creativity are at the heart of manufacturing, and having your trade secrets stolen by cybercriminals may just be enough to sink your ship. That’s why all manufacturers need to be aware of the threat of IP theft. By understanding the danger, manufacturing companies can put stricter policies in place and better brace for this type of attack.4. Spam
Spam messages are annoying for everyday people, but they can substantially reduce productivity at manufacturing plants. At one Dunlop Industrial plant in South Africa, members of the IT team had to manually sort through approximately 12,000 spam messages a day — a task that required up to 90 minutes and kept them from more effective uses of their time.
What comes to mind when you think about spam? Miracle pills from digital doctors and Internet pharmacies that guarantee to grow your hair and other things? How about chain emails like the one that promised you a portion of Bill Gates’ fortune if you forwarded the email to your friends? Or do you hear the word “Spam” and think, what’s for lunch?
We tend to think of cybercrime as something that happens to other people—people who simply weren’t careful about their online activities. The reality is that we’re all constantly under attack from cybercriminals and the proof is in your inbox.
Supply Chain Attacks
Now more than ever, manufacturing firms receive and supply sensitive information too many different enterprises. From vendors to partners, these digital touch points allow for more efficient and effective operations.
However, one thing that manufacturers need to be aware of is the threat of supply chain attacks.
This type of attack is a popular choice of many cybercriminals and was the cause of many of the biggest data breaches we’ve seen — such as the Target breach.
In a supply chain attack, a hacker will gain access to a partner or provider that has access to your systems and data. Through this relationship, the criminal can enter your network, steal your data, and cause significant harm to your company.
To manage this third-party risk, manufacturers need to be extremely aware of who they are sharing information with and what cybersecurity measures these partners have in place. It’s no longer enough to worry about your own company’s safeguards. You need to protect your data and systems from every point.
Phishing
Phishing occurs when cybercriminals craft convincing emails and use them to trick recipients into revealing sensitive information such as passwords. These messages often have branded letterheads or similar elements to help persuade people of their legitimacy. Phishing emails generally target a wide audience and are fairly easy to spot with generic greetings such as "Dear valued customer."
Spear phishing is a highly targeted kind of phishing that may only address one person at a manufacturing company or people within a particular department. In contrast to the phishing attempts previously mentioned, these targeted messages are more specialized and relevant to the recipient. For example, a person working in the accounting department might receive a spear phishing email about a particular invoice or tax form.
The manufacturing industry has invested heavily in cybersecurity the last few years, however, manufacturers still seem to be unsure how well they are protected, according to Deloitte’s Center for Industry Insights. This is likely due to the fact that manufacturers are hit hard with cyber attacks on a daily basis and in many cases don’t even know if the attacks are successful. Ericka Chickowski from Dark Reading writes, “…during the first half of 2018 manufacturing firms had the highest level of reconnaissance activity per 10,000 machines of any other industry. This kind of behavior typically shows that attackers are mapping out the network looking for critical assets.”
According to Proofpoint’s Human Factor report, manufacturing is one of the most phished industries, and data from Symantec’s 2018 Internet Security Threat Report (ISTR) supports this;
One in 384 emails sent to manufacturing employees contained malware
One in 3,988 emails was a phishing attempt
One out of every 41 manufacturing employees were sent a phishing attack
The ISTR also states that spear-phishing emails are by far the most widely used infection vector as they are used by 71% of the attackers.
With attack rates such as these it’s no wonder that 25% of the companies in the Sikich 2017 Manufacturing Report had a cybersecurity incident in the last 12 months and only 8.5% are ready to address cybersecurity.
Hackers know the weak spots within any organization, the employees, and take advantage of this by sending phishing and spear phishing attacks that are difficult for employees to identify as a threat.
Conclusion
Manufacturing companies face a number of cyber threats. Understanding what these threats are and being aware of the evolution of cybersecurity, manufacturers can better protect their data, IP, and systems. Putting the right manufacturing cybersecurity safeguards in place can protect you from losing everything.
Cymonix line of solutions can proactively address threats to your environment as your trusted long-term cybersecurity partner. A risk assessment can proactively identify and respond to a security incident such as this and can determine if threats are present. Contact Us!