How the Manufacturing Threat Landscape Has Evolved
According to the 2021 Microsoft Digital Defense Report, the manufacturing sector is now among the top three targets for ransomware.
Sophistication of threats targeting the manufacturing industry is increasing. The valuable data in the industry make it a major target for more advanced threat actors, and advanced techniques by e-criminals and sponsored nation-states have both grown more prevalent in the years following the pandemic.
Adversaries continue to show that they have moved beyond malware. Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint. Rather, they have been observed using legitimate credentials and built-in tools in a deliberate effort to evade detection by legacy products such as antivirus software.
Many industrial organizations are not ready for this new wave of attacks, nor are they aware of present vulnerabilities and active threats existing within their environments. Legacy systems are often unsecured, but a lack of compatibility of updated technology discourages manufacturers from upgrading to newer, more secure control systems.
Costs and consequences of a manufacturing sector cyber attack
Failure to secure against these evolved cyber threats can have real-world safety consequences for manufacturing companies.
According to Threatpost, manufacturers can expect the cyberattack itself to cost about $1.7 million. This includes “unexpected budget expenditures and drops in stock values,” as well as the cost of remediating the immediate problem. Secondary losses include reputational damage, regulatory fines, lost production time, customer disruptions and churn, and extra staffing and overtime costs.
Key Security Threats to Manufacturers
Plants, production goods, and the entire manufacturing industry are becoming increasingly connected. This generates significant amounts of data on all levels and enables data-driven decisions in real time. Digital shifts in manufacturing have helped create more efficient operations, but have also introduced new, more pronounced cyber risks.
Industrial Espionage & IP Theft
Manufacturing is the number one industry targeted by cyberespionage, and manufacturing trade secrets are the most breached data type.
Phishing, Malware, Ransomware
In recent years malware attacks on manufacturers have been frequent and severe. Attacks have considerable financial costs and result in significant lost production time while attacks are underway.
Changing Regulatory Frameworks
Manufacturers must stay vigilant about changing regulatory standards. Many organizations have been slow to make the required improvements to ensure data and cyber security, and failing to keep up means higher cyber risks and as well as punitive charges.
NEXT STEPS
How Soteryan Keeps Manufacturing Companies Secure
Each industrial company has a unique ICS/OT configuration, which requires a tailored solution.
Soteryan follows a multi-step model to evaluate the threat landscape of an individual manufacturer and build a robust cyber security program:
- Begin with threat modeling
- Identify all assets
- Assess supply chain risks
- Get up to date with regulatory compliance
Soteryan Solution