The Manufacturing Industry: An Executive Perspective on Cyber Risk
Welcome to the fourth installment in our series sharing cybersecurity executive views across industries. In this post, we will take a deep-dive into the manufacturing industry.
Safety, for both end-users and workers, has historically been a top-risk concern and focus for manufacturers. While that concern still remains a top priority, the directors and executives of the manufacturing industry are concerned about potential strategic and operational impacts to their business as a result of the emergence of disruptive and innovative technologies – often referred to as “Industry 4.0,” or the “fourth industrial revolution.” According to the 2018 study published by Protiviti and North Carolina State University’s ERM Initiative, the digitization of the manufacturing industry has topped the list of risk concerns for the industry’s board directors and C-suite executives. Cyber risk is inherently related to the technological advancements and digitization of the manufacturing industry, and the industry at large has attracted a variety of cyber threat actors. According to Verizon’s 2017 Data Breach Incident Report, manufacturing industry was responsible for 620 incidents in 2016 and 124 of those incidents were confirmed as data breaches.
KEY STATISTICS ABOUT MANUFACTURING BREACHES
- $259 is the U.S. per capita cost per data breach within the manufacturing industry, slightly above the overall average cost of $225.
- $149 is the global per capita cost per data breach within the manufacturing sector.
- 176 days time spent on an organization’s network on average to detect an incident; an additional 54 days on average to contain it.
WHY ATTACK A MANUFACTURING ORGANIZATION?
Espionage is the number one motivating factor for threat actors targeting the manufacturing industry. Whether targeted for sensitive trade secrets (intellectual property) or investment strategies (key bids/contracts or acquisitions), nation states, sophisticated cybercriminals, and insider threats have actively and successfully targeted manufacturers. It is important to note that 94% of manufacturing breaches were defined as espionage and attributed to state-affiliated actors.
Manufacturers have troves of valuable information, which like other industries covered in this series, is the primary reason organizations threat actors attack.
WHAT ARE THE KEY CHALLENGES?
The top two challenges manufacturing organizations face are defending against both cyber-espionage and privilege misuse. Cyber threat actors motivated to conduct espionage provide an extremely difficult challenge to address. Dealing with a nation state threat, such as the Chinese government using cyber tactics to steal your trade secrets, is a daunting challenge: how can one company defend against the skills and resources of the People’s Liberation Army? And what about potential insider threats who are looking to sell your trade secrets, or keep them as a parting gift when they accept a higher paid position with a competitor? Privilege misuse is commonly used by insiders (81% of the time) and allows them to use their privileged access to steal corporate data. These risks are difficult challenges to manage, but they represent the everyday reality for manufacturers.
And like most industries, manufacturing also struggles to defend against social engineering tactics such as phishing, which represents 64% of malware attacks across the manufacturing industry. It is important for organizations to educate their employees on what to look for when viewing emails in order to prevent an attack from occurring within their systems.
NOTABLE INCIDENTS & BREACHES
In April of 2016, Thyseenkrupp AG, a German Steel Company, routers were attacked by hackers located in Southeast Asia that caused an outage for nearly one million customers. Hackers attacked the organization and “stole project data and technical trade secrets from the engineering division” which included parts of the production and manufacturing plant. The attackers may have been interested in Thyseenkrupp’s intellectual property because it is one of the larger suppliers of steel in Germany for automotive and other manufacturers.
The following year in October of 2017, Merck, a U.S. pharmaceutical company, was attacked using ransomware. The destructive cyber attack halted operations in several critical sectors of the company, including manufacturing, sales, and research. The NotPetya attack cost Merck more than $300M in operating loss for its third quarter revenues (approximately $135M from lost sales and $175M in costs) by disrupting its worldwide operations. Even five days after the cyber attack, Merck had yet to fully be able to restore its active pharmaceutical ingredient operations.
TAKING ACTION: TOP 3 MUST-DOS
Senior business leaders in the manufacturing industry need to ensure that they have a thorough understanding of the cyber threats they face, identify what information and data are most critical to their businesses, and then implement the proper policies and controls to reduce risk posed by a variety of cyber risk scenarios. Here are some immediate recommendations:
Know and defend against the threat: Understand and better defend against cyber threats by registering your company as a member of an Information Sharing and Analysis Center (ISAC). ISAC members share and coordinate cyber threat information with one another and with government organizations. To actively defend your organization from cyber threats, invest in threat monitoring and cyber threat intelligence services. These services will increase your ability to defend against internal and external threats.
Identify and protect your data: Senior executives must work across the organization to identify the assets that are most valuable to the company and then prioritize the protection of those assets based on potential impacts. Extensive use of encryption and implementing a data loss prevention (DLP) program help to ensure your data is secure and stays within your organization’s control. Furthermore, your company must regularly update its access control lists to ensure employees only access the data and systems necessary to perform their respective job duties.
Get ahead of Industry 4.0 threats: Advancements in technologies, processes, and connectivity have facilitated growth and production for the manufacturing industry. However, with increased connectivity comes increased vulnerability. Insecure connected devices can be hacked to steal company secrets or manipulated to disrupt operations. With 5.5 million new things connected to the Industrial Internet every day, the threat to manufacturing companies is growing at an exponential rate. To manage this growing cyber attack surface, start off by conducting a thorough inventory of all your networks and systems. In addition, ensure that your organization is properly segmenting its networks to prevent broader harm to the organization should one of the networks become compromised.
Is your organization protected against cyber risk? N2K can help with your executive perspective. View our Cyber Resolve seminars, tabletop exercises, and other executive cybersecurity training programs to ensure your team truly understand the risks and the various ways to keep your operations safe from threats.