Why manufacturing remains firmly in the sights of cybercriminals

The manufacturing industry is amongst the vertical markets that have seen the most disruption as a result of digital transformation. Over the past decade, technological advancements and enhanced connectivity have enabled manufacturers to increase their efficiency, productivity and accuracy.

Manufacturing market challenges

While the benefits of digitisation have aided the sector, which has historically been held back by outdated systems, it has also presented challenges, including an increased threat from cybercriminals.

There are two key challenges inherent to the manufacturing industry that are worthy of particular attention. The first of these is third-party risk. The combination of supply chain integration with the degree of automation and digitisation seen in the manufacturing industry has resulted in a ‘perfect storm’ of risk factors that is spurring security incidents. This results from the expansion of access to applications and data by third parties and the lack of visibility and authority over the security practices and controls of those third parties.

The second manufacturing-specific security challenge is the expansion of the attack surface through the convergence of OT with IT, as well as the rollout of IoT and IIoT devices. Here, the prevalence of often outdated assets – potentially carrying multiple vulnerabilities – alongside the lack of visibility that security teams can gain into industrial environments, which are rapidly becoming network-connected and therefore exposed to a much stronger degree of risk, represent a significant increase in the level of risk faced by manufacturers.

The risks of ransomware

Another growing risk faced by manufacturers is ransomware. According to the Orange Cyberdefense’s most recent Security Navigator report, the manufacturing industry suffered over 23% of the ransomware – or ‘cyber extortion’ – incidents collected from January 2020 to October 2021. These attacks are a form of cybercrime whereby the security of a corporate digital asset is compromised and its confidentiality, integrity or availability is exploited in a threat of some form to extort payment.

Cybercriminals often use a ‘double extortion’ approach and leak samples of stolen data on the dark web to expedite payment demands. Double extortion attacks increased almost six-fold between the first quarter of 2020 and the third quarter of 2021. In addition, Ransomware-as-a-Service (RaaS) cybergangs are going to even greater lengths to get victims to pay up, including launching distributed denial-of-service (DDoS) attacks, emailing clients and auctioning off stolen data.

One area of manufacturing that has been hit hard includes those companies that are responsible for the production of semiconductors and microchips, essential components of electronic devices. The Covid-19 pandemic led to a widespread shortage of chips and subsequently impacted production in sectors such as the automotive industry. Jaguar Land Rover said the issue was partly to blame for a £9m loss in the last three months of 2021.

Alongside these challenging market conditions, chip manufacturers came under the spotlight of hackers. In February, it was reported that America’s biggest microchip company, Nvidia, was hit by a cyberattack that impacted email systems and developer tools. Other chip manufacturers that reportedly fell victim to similar attack include Taiwan’s TSMC and Tower Semiconductor of Israel.

There are several reasons why manufacturers are a particular target. Cybercriminals may believe that these firms will be more likely to pay a ransom due to the critical nature of their businesses and a lack of appetite to interrupt operations. Or it may be that their cybersecurity posture and ability to recover from a cyberattack is typically not as robust as in other sectors. It could also be that the size of the industry overall makes it more prevalent or attractive for hackers. However, the more likely reason is that manufacturers are simply not prepared to deal with a cyberattack.

Back to basics

To achieve robust cybersecurity, while plenty of sophisticated solutions are available, manufacturers are advised to begin with the security fundamentals. It is crucial that employees are aware of the threat that they face and the importance of adopting good security hygiene behaviour. Simple measures, such as avoiding opening attachments or clicking on links unless they are from a legitimate source, can go a long way to reducing the risk of ransomware infiltrating the network.

Secondly, organisations must be sure to prioritise patch management as updating and ridding key systems of any potentially catastrophic vulnerabilities can prevent many breaches before they even occur.

Finally, it is critical to adopt a ‘defence in depth’ strategy, ensuring a consistent approach to security across all control points. For example, the ability to combine endpoint protection – where modern detection-centric techniques can identify unusual and unwanted behaviour and quarantine the associated assets – with network security – that prevents malicious traffic from proliferating ‘east/west’ across the organisation – can help to contain a security breach.

Through these measures, and the right combination of safeguards, I believe we will observe a shift in the security of manufacturers, and reduce the risk a calamitous cyber breach in the future.

- The author, Dominic Trott, is UK Head of Strategy at Orange Cyberdefense.

Back to Homepage

Back to Technology & Innovation