With manufacturing cybersecurity threats on the rise, what should companies know about protecting their digital assets in the future? 

Risks to Security in Manufacturing

The number of ransomware incidents involving the manufacturing sector increased 156% between the first quarters of 2019 and 2020. Later in 2020, ransomware actors demanded $17 million from a laptop maker and $34 million from a Taiwanese electronics contract company.

Ransomware isn’t the only threat to manufacturing cybersecurity. Where there’s ransomware, there’s almost always phishing. One campaign that targeted manufacturers, among others, was part of a larger effort to target the COVID-19 vaccine cold chain.

The issue with both ransomware and phishing is digital attackers can use these threats to steal their victims’ data. Malicious actors could compromise a manufacturer’s customer database and leverage those details to conduct follow-up attacks, such as manufacturing data breaches. Or, they could establish a foothold within the network and use that access to scout it out. They could then choose to sell that opening to a competing group, criminal enterprise or nation-state actor. They also could use it to conduct an attack of their own that could compromise business processes.

 IT-OT Convergence’s Role in Security Risks 

What’s important to note is the impact that these manufacturing cybersecurity issues could have on a business. For years, the impact was minimal. Manufacturing and other industrial sectors had no need to connect their industrial control systems (ICS) to the internet. At that time, the web was still growing. What they needed to do was make sure the physical processes that those ICS were watching were available. So, they kept them offline and away from threats that were beginning to take form.

Now, most businesses have a digital presence. Manufacturing cybersecurity needs are no different. They want real-time data, so they can monitor the state of their physical processes. This helps them perform preventive maintenance on equipment and minimize downtime. In order to do this, operational technology (OT), of which ICS are a type and information technology, are brought together. Manufacturers are turning to the Industrial Internet of things (IIoT) as a means of using the IT side of things to gain crucial insights into the way their OT is functioning.

But, there’s a problem. Many OT assets aren’t equipped to defend against today’s threats. Some of those assets are decades-old legacy systems that use proprietary protocols to talk to one another. As such, they can’t easily receive remote updates unless the owners take them offline. But doing that threatens the uptime of their physical processes. This makes it difficult for businesses to keep these assets secure as they go online via the ongoing IT-OT convergence. No doubt this contributes to the growth of digital threats confronting the industry, as discussed above.

Best Practices To Adopt To Combat Security Risks

It’s possible to overcome the challenges posed by security issues in the manufacturing industry. Business leaders just need to bring IT and OT together with a bit of care.

  1. First leverage the C-suite to clarify the roles and responsibilities of both IT and OT teams. They can then use pilot programs and cultural exchanges to slowly begin fostering teamwork between IT and OT. Plus, they can teach teams to share their challenges, needs and viewpoints with one another.
  2. Augment defenses of your entire system by:
    • Take inventory of all of your devices. Use that to determine which assets are most important.
    • Segment your network in a way that cuts down on risk — to legacy systems most of all — but still allows IT and OT to work together. These segments then give teams smaller sections within which they can implement network access controls along with network monitoring in order to defend against ransomware, phishing and other digital threats.
    • Use vulnerability management to patch all of the security weaknesses you can without taking key industrial assets offline.

Through due diligence like this, manufacturing cybersecurity problems can be solved.

More from Risk Management

OneNote, Many Problems? The New Phishing Framework

There are plenty of phish in the digital sea, and attackers are constantly looking for new bait that helps them bypass security perimeters and land in user inboxes. Their newest hook? OneNote documents. First noticed in December 2022, this phishing framework has seen success in fooling multiple antivirus (AV) tools by using .one file extensions, and January 2023 saw an attack uptick as compromises continued. While this novel notes approach will eventually be phased out as phishing defenses catch up,…

The Role of Finance Departments in Cybersecurity

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect. A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants…

What Does a Network Security Engineer Do?

Cybersecurity is complex. The digital transformation, remote work and the ever-evolving threat landscape require different tools and different skill sets. Systems must be in place to protect endpoints, identities and a borderless network perimeter. The job role responsible for handling this complex security infrastructure is the network security engineer. In a nutshell, the network security engineer is the person who is responsible for the design and implementation of the organization’s security system, ensuring there are no gaps or vulnerabilities for…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…