Why Manufacturers Are Under-Prepared for Cyber Resilience

As manufacturing companies undergo the digital transformation commonly known as industry 4.0, they face a host of new cyber risks. The boundaries that once separated organizations have largely disappeared, as have the boundaries between IT and operational technology (OT). Manufacturers are also increasingly deploying Internet of Things (IoT) devices to increase efficiency.

Although these highly interconnected systems and supply chains generate enormous benefits, they also introduce potentially crippling vulnerabilities. Recent ransomware attacks on major manufacturers such as Honda, Nissan and Mondelez highlight how much cybersecurity has changed and how vulnerable firms are to new and evolving attack methods.[1]

Unfortunately, manufacturers aren’t keeping up with this changing cybersecurity landscape. A recent Wall Street Journal survey found that the manufacturing sector lagged other industries in key areas that affect cyber resilience. Fewer than two-thirds of the surveyed industrial/manufacturing companies have an in-house cybersecurity program, only 59 percent have an incident response plan in place, and 37 percent aren’t providing ongoing employee security awareness training.[2]

Reexamine Cybersecurity for Industry 4.0

One factor that makes cybersecurity so difficult for manufacturers is that protections must extend across a vast array of systems that increasingly merge IT and OT.[3] While IT systems remain attractive targets, industrial controls, machinery and sensor networks are also in the crosshairs.[4] In many cases, these systems are highly automated, and they control a wide range of activities and assets, from production and quality control to intellectual property and the health and safety of workers.[5]

Threats can arrive in a number of forms, from a variety of sources. These include nation state attacks and criminal organizations using malware or ransomware to sabotage systems and extract data or money. Email phishing, removable media, drive-by downloads at compromised websites, and hijacking open Remote Desktop Protocol ports are some of the common attack methods.

Several large manufacturers have recently faced crippling attacks that used ransomware such as LockerGaga and Ekans/Snake (the latter is specifically engineered to attack industrial control systems).[6] Honda was forced to halt production at auto factories in the U.S. and Turkey, and motorcycle production plants in India and South America, as a result of a ransomware attack in June 2020.[7] In 2019, Norwegian aluminum manufacturer Norsk Hydro suffered an attack that forced the company to switch some operations to manual mode. The company later reported that total estimated losses from the incident exceeded US $40 million.[8]

These ransomware attacks illustrate just how crippling a cyberattack can be. Companies surveyed for Mimecast’s State of Email Security report suffered an average of three days downtime—which, for a manufacturing company, could mean three days of lost production. Attackers may attempt to extract seven-figure ransoms and increasingly threaten to sell or publish confidential information if the ransom is not paid.[9] Of course, there are also indirect costs of a cyberattack, which may include a tarnished brand image and regulatory penalties.

Malware is now able to propagate through local and cloud-based applications, peruse email address books and then spread throughout the organization. Email-borne threats include the  Emotet trojan, which criminals operate as malware-as-a-service to distribute malicious payloads. Attackers may entice users to click on malicious attachments by sending contextualized phishing emails at scale. “This insertion of the malware into pre-existing emails gives the phishing email more context, thereby making it appear more legitimate,” according to the World Economic Forum (WEF).[10]

The WEF also notes the emerging use of artificial intelligence (AI) to launch and orchestrate attacks, predicting that AI-based attacks will learn how to bypass traditional controls and create diversions that draw away attention from an attack, and adapt and scale dynamically—stealthily infecting devices, lurking undetected and unleashing an assault at an opportune time.

How Manufacturing Firms Can Increase Cyber Resilience

Due to their expanding attack surface and the changing cyber-threat landscape, manufacturers need to adapt their cybersecurity strategy, according to Gartner Inc.[11] This is particularly important since, as the WSJ survey indicated, manufacturing firms typically lag behind other industries in implementing essential security safeguards.

A multi-pronged strategy can increase the ability to prevent attacks and respond effectively to incidents. A focus on OT systems that are linked to networks is crucial, according to Gartner Inc.,[12] which says there is “a fundamental need to intervene at the network level, and particularly, to enforce network segmentation to better control access to critical OT systems.”[13] Elements of this strategy include OT asset discovery/monitoring and OT vulnerability management security tools as well as traditional controls such as VPNs/firewalls, intrusion detection, network access controls, and email security products.

Key pieces of the puzzle include understanding and classifying data in order to assign protection commensurate with the risk; devising a sound backup strategy, including storing critical data offline; creating an incident-response plan; and focusing on cyber awareness training, including recognizing dangerous emails and links. A strategic response also includes aggressive patch management, device and app controls, an OT endpoint inventory and application controls. It’s critical to constantly monitor business systems and ensure that controls match changing requirements.

The Bottom Line

The manufacturing sector is a prime target for cyberattacks because the stakes are exceptionally high. Unfortunately, many industrial companies have not updated their cyber resilience playbook to address evolving attack methods, and lag behind other sectors in implementing key cybersecurity controls. By building out a robust multi-layered cybersecurity infrastructure linking IT and OT, manufacturers can better position themselves to address the challenges and risks of today’s rapidly changing security landscape.

[1] “Ransomware Crushes Another Manufacturing Industry Target,” Acronis.

[2] “Which Industries Aren’t Ready for a Cyberattack?,” Wall Street Journal.

[3] OT Security Best Practices, Gartner.

[4] “Cyber attacks targeting industrial control systems on the rise,” ComputerWeekly.com

[5] “Global cybersecurity risks in the manufacturing industry.” WillisTowersWatson

[6] “Snake ransomware poses unique danger to industrial systems,” TechTarget.

[7] “Honda Halts Output at Some Plants After Cyberattack,” Bloomberg.

[8] “Norsk Hydro switches its operations to manual mode after LockerGoga ransomware attack,” Cyware Social.

[9] Ibid.

[10] “3 ways AI will change the nature of cyber attacks,” World Economic Forum

[11] OT Security Best Practices, Gartner.

[12] “Deliver Comprehensive Cyber Security Guidelines for Operational Technology,” OTCS Alliance.

[13] Ibid.