Cybersecurity-in-Manufacturing-Understanding-the-Risks

Cybersecurity in Manufacturing: Understanding the Risks

March 7, 2023 - Ellie Gabel

Revolutionized is reader-supported. When you buy through links on our site, we may earn an affiliate commision. Learn more here.

Today’s manufacturers produce some of the world’s most in-demand items, and customers from all over the world rely on them. Those are some of the many reasons why improving cybersecurity in manufacturing is essential. Successful attacks could cripple operations, causing long-term shutdowns for affected parts of a plant. 

Certain infiltrations could also cause ripple effects. For example, an attacker might remotely change a machine’s alignment, meaning everything produced on it does not meet quality control standards. It’s also often the case that attackers gain access to manufacturing systems for months before someone discovers them. Such extended timeframes give plenty of opportunities for them to wreak havoc that will be time-consuming and costly to repair.

Let’s explore some of the particular risks associated with insufficient cybersecurity in manufacturing. 

Manufacturers Must Make Cyber Hygiene Improvements 

Growing evidence suggests manufacturers are frequent and increasingly common targets for cyberattacks. However, many of them fail to take even the most basic precautions against attacks. 

Research published in June 2022 indicated that 40% of manufacturers had experienced cyberattacks within the past year. Another 35% of respondents said they had knowingly avoided attempted attacks. Those two statistics alone highlight how prepared manufacturing companies must be against threats that originate online. 

Other findings from the report were also worrisome. For example, less than 50% of respondents said they had company-wide cybersecurity policies. The results also indicated that less than 50% of those polled kept people across the business accountable for cyber safety. 

Respondents fell short when it came to implementing certain best practices, too. Just over 25% indicated penetration testing and access control occurred at their organizations. Then, approximately 40% of respondents said their manufacturing companies held industry-specific cybersecurity training programs. 

Moreover, less than 35% of respondents said their companies engaged in risk scoring or benchmarking. That’s problematic because it may mean decision-makers don’t understand how much room for improvement exists in their businesses. 

Prioritizing cybersecurity in manufacturing is a long-term aim, and it’ll take some time to make lasting improvements. However, decision-makers can start by becoming familiar with best practices and seeing how far off from those ideals their organizations are on typical days. It’ll then be easier to pinpoint the most effective starting points. 

Manufacturing Cyberattacks Can Span Multiple Countries

Many manufacturers have locations in several countries. This approach allows them to meet customer needs while nimbly responding to demand surges. However, as manufacturing networks spread across the globe, the likelihood of cyberattacks having larger reaches rises.

Take the example of Wilson Tool International, which specializes in products for sheet metal fabrication. When early signs emerged of an IT problem at the company, representatives originally suspected a downed server. However, they eventually found a ransomware note. As the IT team looked into the issue, they discovered the ransomware attack affected eight of the company’s 12 locations outside of the United States. 

Representatives of Wilson Tool soon discovered they could not access most of their internal files. The attack was so severe that it made their industrial automation solutions unusable.  It was then that people at the company realized they had become too dependent on automation and needed to figure out immediate alternatives for taking orders and making products. 

Some of the people who’d been at the company the longest were especially helpful in making these temporary transitions. That’s because they could still recall and had experienced times when certain tasks were not automated yet. They had helpful suggestions for doing things that did not require automation software and systems. 

A team effort and tremendous resourcefulness helped the company mitigate the long-term effects of the attack. In the early days after it happened, employees attended meetings at the start of their shifts that updated them on the progress of restoring the affected systems and what they should do until things were back online. Maintaining that communication was essential for keeping everyone informed and as well-equipped as possible for the unexpected situation. 

However, it’s often hard to achieve such coordination when a company’s manufacturing network spans multiple countries. Then, people may need to contend with several time zones, and communication could be exceptionally hard with many internet-related systems not currently functioning. 

A potential strategy is to develop detailed plans for what steps a company will take if an attack happens. Taking that kind of preventive approach for cybersecurity in manufacturing can help leaders determine what works and what doesn’t while under less pressure than an emergency would cause. 

Phishing Threats Require Better Cybersecurity in Manufacturing

Cybercriminals often orchestrate phishing attacks to gain entry to a system. The manufacturing sector has a continually growing attack surface. That’s due in part to how many factories are increasingly connected. The machines often collect real-time data with connected sensors. They may include robot fleets and artificial intelligence platforms, along with augmented reality wearables and other products that need internet connectivity to work. 

Consider that cybercriminals infiltrated the Colonial Pipeline after only stealing one password. That’s an example of how it can pay off for hackers to create realistic-looking phishing emails that try to tempt people into providing their passwords or other sensitive details. If recipients believe they must do it to get paid on time or satisfy officials, many won’t think twice before disclosing private information. 

Phishing attacks targeting the manufacturing sector often include the release of password-stealing malware. A recipient may not immediately provide their password, but they may interact with a phishing email in another way, such as by downloading an attached file. That may be all it takes to infect a system. News broke recently of a phishing campaign targeting German automobile manufacturers and dealers. It was so extensive that it persisted for years. 

The threat actors operated by making clones of numerous legitimate sites. The researchers identified 14 targeted entities, all with connections to the auto manufacturing industry. The researchers who uncovered the scheme also said it seemed the cyberattackers wanted to build rapport with their victims. That was because each phishing email had ample room for back-and-forth correspondence. 

This example shows how many phishing schemes are incredibly elaborate and far-reaching. If manufacturing representatives think emails from cyberattackers are legitimate and download the associated malware, it’s easy to see how a single email could wreak havoc across an organization. 

Improved Cybersecurity in Manufacturing Is Essential

These are just some of the many risks that can derail operations. Decision-makers in the industry must pay attention to and work to mitigate them. That’s especially true with so many factories increasingly connected to the internet. They’re filled with high-tech devices that cybercriminals may successfully exploit. 

However, awareness is the first step to enhancing cybersecurity in manufacturing. Once people know the most prominent risks, they can take practical steps to reduce them.

Revolutionized is reader-supported. When you buy through links on our site, we may earn an affiliate commision. Learn more here.

Author

Ellie Gabel

Ellie Gabel is a science writer specializing in astronomy and environmental science and is the Associate Editor of Revolutionized. Ellie's love of science stems from reading Richard Dawkins books and her favorite science magazines as a child, where she fell in love with the experiments included in each edition.

Leave a Comment