A single vulnerability is all a hacker needs.
In 2022, manufacturing firms suffered more than 130 data breaches that exposed 38 million records. Additionally, as noted by Retail Dive, 48% of critical manufacturing providers in key sectors are now at risk of “significant” data breaches.
Breaches come with costly consequences. The IBM 2022 Cost of a Data Breach Report found that the average data breach cost for manufacturing firms was $4.47 million, up 5.4% from 2021.
Put simply, every industry is under the same threat. When a cyber attack succeeds, and they often do, production suffers, revenue is lost, and work performance and morale take a hit. We need to acknowledge the inherent risks and proactively mitigate the consequences of network compromise. Often the third-party ecosystem is compromised without anyone knowing.
Companies are attractive targets for cyber attackers who want access to a more extensive customer base. Compromising manufacturing systems requires an entry point. While malicious actors continuously develop new methods to breach company networks, four attack vectors are common:
Phishing & Ransomware
Cyber attacks often start with phishing. Why? Because it works. The 2023 State of the Phish report shows that direct financial losses from successful phishing attacks increased by 76% in 2022.
Phishing opens the door to lateral movement across a network and allows bad actors to introduce ransomware into an operating environment, which can both shut down production lines and leave companies with a difficult choice: Pay and risk being victimized again, or ignore hacker demands and run the risk of significant data loss.
Ransomware is a growing concern, and for good reason. The number of successful ransomware attacks spiked by 107% in 2022, according to a report from Dragos. The increase may be due to many businesses and manufacturers having little to no visibility into their systems. Shared credentials between information networks and operational technology systems multiply the threat. Combined, these gaps make easy prey for lazy cyber criminals. For a sophisticated cyber actor, the fun they have is at your expense.
Insider Attacks
Insider threats have risen 44% over the past two years, and the time to contain these incidents has also increased from 77 to 85 days. For public and private companies, insider threats present a dual problem: Not only can users with network access exfiltrate data such as intellectual property or product schematics, but the loss of this data could impact current production operations, which leads to production slowdowns as companies work to track down the origin of these attacks.
Legacy Tools and Technology Gaps
According to the InfoSec Institute, legacy systems remain a key point of compromise. Legacy tools are often tied to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) technologies that are critical to the continued operation of production lines. In many cases, ICS and SCADA tools were deployed in the early years of company growth and have become so interwoven with operational best practices that they’re almost impossible to remove. Additionally, these tools were never designed to work with cloud-connected and internet-facing technologies. This creates a potential point of compromise — and once attackers are inside ICS or SCADA systems, they can directly affect critical operations.
Third-Party Compromise
Threat actors are targeting the manufacturing sector because of its vast connected network of suppliers and partners, third parties who may not have security practices as robust as yours and may be easier targets. In general, their poor security and cloud protection practices make your data easy prey for hackers.
An average of 20% of an organization’s vendor portfolio exhibits a high inherent risk profile. Are you aware of which providers are most prone to a successful cyber attack and where common gaps occur across your portfolio?
Threat detection is critical and has national importance.
If a security team can spot a potential cyber attack before it compromises key systems, they can significantly mitigate — or entirely avoid — the damage. However, security teams need to know what they’re looking for to accomplish this goal. Security operations centers and compliance analysis have limits to what they can see. What is needed is visibility deeper into the network and systems.
Insider attacks are characterized by abnormal activity and data movement.
Consider a staff member who is facing the prospect of termination but still has system access. Using their current credentials, they may access product or production line data and then send it to personal email addresses or copy it to a personal USB drive. Even with proper access control protocols, malicious actions and privilege escalations are difficult to notice. By implementing solutions that monitor user behavior and compare it to typical use across the organization, teams can spot insider threats more easily.
Similarly, if your suppliers have recently undergone a reduction in workforce, the same potential risk exists here, too. In instances where mass layoffs have occurred, hackers may also look for dormant accounts that may provide a back door into systems.
When it comes to legacy tools, companies should be on the lookout for a sudden uptick in requests from ICS or SCADA systems outside the realm of normal operations. It’s also a red flag if these tools begin interfacing with internet-facing solutions that are only peripherally connected to ICS and SCADA functions.
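As an added illustration of the two warning signs described above (the insider's abnormal data movement and the legacy ICS host's abnormal traffic), not code from the original article, the Python below compares each user's external data movement against the rest of the organization and each ICS host's request volume against its own history; every user, host, destination and number in it is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed user transfer log (made-up data): (user, destination class, megabytes).
TRANSFER_LOG = [
    ("alice", "corp_share", 300), ("alice", "personal_email", 12),
    ("bob", "corp_share", 280), ("bob", "usb", 8),
    ("carol", "corp_share", 310), ("carol", "personal_email", 15),
    ("erin", "corp_share", 290), ("erin", "usb", 10),
    ("frank", "corp_share", 305), ("frank", "personal_email", 9),
    ("dave", "corp_share", 295), ("dave", "personal_email", 150), ("dave", "usb", 270),
]
# Constructed ICS history: per host, daily request counts on normal days.
ICS_BASELINE = {"plc-line1": [120, 115, 130, 125, 118], "hmi-line2": [60, 58, 65, 61, 59]}
# Constructed ICS log for today: (source host, destination, internet-facing?, requests).
ICS_TODAY = [("plc-line1", "historian.internal", False, 122),
             ("hmi-line2", "historian.internal", False, 410),
             ("hmi-line2", "cloud-analytics.example", True, 3)]


def flag_data_movement(log, external=("personal_email", "usb"), z_threshold=3.0):
    """Leave-one-out z-score of each user's external-transfer total against all peers."""
    totals = defaultdict(int)
    for user, dest, megabytes in log:
        totals[user] += megabytes if dest in external else 0  # every user gets a baseline entry
    flagged = []
    for user, total in totals.items():
        peers = [t for u, t in totals.items() if u != user]
        z = (total - mean(peers)) / (pstdev(peers) or 1e-9)  # floor avoids divide-by-zero
        if z > z_threshold:
            flagged.append(user)
    return flagged


def flag_ics_hosts(baseline, today, sigmas=3.0):
    """Hosts above their own historical ceiling, or talking to internet-facing hosts."""
    totals, internet = defaultdict(int), set()
    for src, _dst, dst_internet_facing, requests in today:
        totals[src] += requests
        if dst_internet_facing:
            internet.add(src)
    findings = {}
    for host, total in totals.items():
        history = baseline.get(host, [])
        ceiling = mean(history) + sigmas * pstdev(history) if history else float("inf")
        reasons = [r for r, hit in (("uptick", total > ceiling),
                                    ("internet_facing", host in internet)) if hit]
        if reasons:
            findings[host] = reasons
    return findings
```

A host with no recorded history is never flagged for an uptick, only for internet-facing contact, so the baseline must be populated before the check is useful.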
Cyber attacks targeting every business are becoming omnipresent.
To manage the evolving risk landscape, companies need strategies and technologies that tighten up first-party security defenses and address the vulnerabilities coming from their third-party ecosystem.