Some industries, like financial services and healthcare, have been targets of cyberattacks since day one. For years, manufacturing seemed far less interesting to hackers, and even C-suite executives at these companies weren’t particularly worried about the risk of attack. However, all that’s changed now that the Internet of Things (IoT) dominates production systems across the manufacturing industry. Although these devices have helped to usher in the era of “smart” manufacturing, they’ve also dramatically expanded the attack surface across global manufacturing systems. One study revealed an average of 5,200 attacks per month on IoT devices in 2018 alone.
Cyberthreats like NotPetya, WannaCry, Stuxnet, and EKANS are constantly evolving and targeting companies in every industry around the world. But the biggest risk to manufacturing companies is that few of these organizations are truly prepared to counter these types of threats. Here are some of the top risks manufacturers face today:
- Extended downtime: While intellectual property theft and ransomware are big threats to any company, the consequences of a major attack are often unique and can be devastating. For instance, a single attack could shut down a plant’s operations or even reconfigure machinery to produce faulty products without anyone realizing it until the human and business costs have skyrocketed. Although the true cost of downtime is hard to quantify, many factories lose an average of 5% to 20% of their productivity due to downtime.
- Longer recovery time: Consider that many manufacturers are actually smaller companies that produce parts for larger global enterprises. These smaller manufacturers often lack mature IT security practices to prevent a cyberattack, which not only makes it easier for hackers to infiltrate their systems, it may also make it much harder for these companies to restore operations impacted by a cyberattack.
- Loss of trade secrets: A manufacturing company’s systems and processes are often closely kept trade secrets. Guarding this information is not only critical for safety but also necessary to protect the company’s competitive advantage. However, the widespread use of always-on IoT devices offers bad actors countless ways to access devices and systems. Once hackers have gained access, they can potentially hack into the cameras in computers and mobile devices to surveil a physical location. They may also be able to gain access by stealing a third-party vendor’s credentials, which is why manufacturers must gain tighter control over their vendor privileged access management.
- Breach of customer confidentiality: For many hackers, customer data is a goldmine, which is why these systems are so frequently attacked. In one instance, cybercriminals breached a manufacturing company’s customer information system and installed malware that remained active for an entire year. The hackers were able to extract volumes of highly confidential customer data such as name, billing address, telephone number, payment card number, expiration date, and verification code. The malware was specifically designed to access victims’ shopping carts to access these details.
- Loss of reputation: Once a company’s data has been breached and customers have been impacted (either through production delays or loss of personal information), it’s extremely hard for a company to rebuild those relationships. The larger the deal, the larger the impact outages and delays can have on delivery dates across the supply chain. For manufacturers working with larger customers, a cyberattack that shuts down production can destroy not just the revenue from the deal, but also cause more financial damage from missing contractual agreements. While a company or customer may be entitled to compensation from a manufacturer, it’s much harder to repair the damage to a brand in a highly competitive and high-demand industry.
The good news is, there are solutions to help reduce the threat of malicious attacks through outside or third-party entities such as manufacturing partners and vendors. Stay tuned for our next blog, “Improve security in manufacturing with vendor privileged access management” to find out how!
In the meantime, to learn more about the risk of cyberattacks on manufacturing systems, download our infographic “The Top Remote Access Threats in Manufacturing.