With manufacturing cybersecurity threats on the rise, what should companies know about protecting their digital assets in the future? 

Risks to Security in Manufacturing

The number of ransomware incidents involving the manufacturing sector increased 156% between the first quarters of 2019 and 2020. Later in 2020, ransomware actors demanded $17 million from a laptop maker and $34 million from a Taiwanese electronics contract company.

Ransomware isn’t the only threat to manufacturing cybersecurity. Where there’s ransomware, there’s almost always phishing. One campaign that targeted manufacturers, among others, was part of a larger effort to target the COVID-19 vaccine cold chain.

The issue with both ransomware and phishing is digital attackers can use these threats to steal their victims’ data. Malicious actors could compromise a manufacturer’s customer database and leverage those details to conduct follow-up attacks, such as manufacturing data breaches. Or, they could establish a foothold within the network and use that access to scout it out. They could then choose to sell that opening to a competing group, criminal enterprise or nation-state actor. They also could use it to conduct an attack of their own that could compromise business processes.

 IT-OT Convergence’s Role in Security Risks 

What’s important to note is the impact that these manufacturing cybersecurity issues could have on a business. For years, the impact was minimal. Manufacturing and other industrial sectors had no need to connect their industrial control systems (ICS) to the internet. At that time, the web was still growing. What they needed to do was make sure the physical processes that those ICS were watching were available. So, they kept them offline and away from threats that were beginning to take form.

Now, most businesses have a digital presence. Manufacturing cybersecurity needs are no different. They want real-time data, so they can monitor the state of their physical processes. This helps them perform preventive maintenance on equipment and minimize downtime. In order to do this, operational technology (OT), of which ICS are a type and information technology, are brought together. Manufacturers are turning to the Industrial Internet of things (IIoT) as a means of using the IT side of things to gain crucial insights into the way their OT is functioning.

But, there’s a problem. Many OT assets aren’t equipped to defend against today’s threats. Some of those assets are decades-old legacy systems that use proprietary protocols to talk to one another. As such, they can’t easily receive remote updates unless the owners take them offline. But doing that threatens the uptime of their physical processes. This makes it difficult for businesses to keep these assets secure as they go online via the ongoing IT-OT convergence. No doubt this contributes to the growth of digital threats confronting the industry, as discussed above.

Best Practices To Adopt To Combat Security Risks

It’s possible to overcome the challenges posed by security issues in the manufacturing industry. Business leaders just need to bring IT and OT together with a bit of care.

  1. First leverage the C-suite to clarify the roles and responsibilities of both IT and OT teams. They can then use pilot programs and cultural exchanges to slowly begin fostering teamwork between IT and OT. Plus, they can teach teams to share their challenges, needs and viewpoints with one another.
  2. Augment defenses of your entire system by:
    • Take inventory of all of your devices. Use that to determine which assets are most important.
    • Segment your network in a way that cuts down on risk — to legacy systems most of all — but still allows IT and OT to work together. These segments then give teams smaller sections within which they can implement network access controls along with network monitoring in order to defend against ransomware, phishing and other digital threats.
    • Use vulnerability management to patch all of the security weaknesses you can without taking key industrial assets offline.

Through due diligence like this, manufacturing cybersecurity problems can be solved.

More from Risk Management

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Roundup: The top ransomware stories of 2024

2 min read - The year 2024 saw a marked increase in the competence, aggression and unpredictability of ransomware attackers. Nearly all the key numbers are up — more ransomware gangs, bigger targets and higher payouts. Malicious ransomware groups also focus on critical infrastructure and supply chains, raising the stakes for victims and increasing the motivation to cooperate.Here are the biggest ransomware stories of 2024.Ransomware payments reach record highRansomware payments surged to record highs in 2024. In the first half of the year, victims…

83% of organizations reported insider attacks in 2024

4 min read - According to Cybersecurity Insiders' recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five times the amount of attacks they did in 2023 — moving from just 4% to 21% in the last 12 months.With insider threats on the rise, it’s critical for businesses to recognize the real dangers that originate from inside…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today