The manufacturing industry — including, but not limited to, automotive, electronics, food and beverage, textile and pharmaceutical companies — was the third most attacked sector in 2016, according to the 2017 IBM X-Force Threat Intelligence Index. In fact, the number of security incidents, which are attacks or security events reviewed by IBM security analysts and deemed worthy of deeper investigation, was almost 40 percent higher than the average across all industries.
Figure 1: Comparison of organizations monitored by IBM for 2016, cross-industry clients versus manufacturing sector clients (Source: IBM Managed Security Services data, Jan. 1 to Dec. 31, 2016).
The Manufacturing Security Picture
The top attack vector targeting manufacturing clients monitored by X-Force in 2016 was malicious input data, such as SQL injection or command injection. This vector accounted for 74 percent of the attacks, notably higher than the cross-industry average of 42 percent.
It’s not surprising, then, that considerably more of the attacks targeting the manufacturing sector came from outsiders than from insiders: 91 percent outsiders to 9 percent insiders. The outsiders could include well-funded fraudsters, organized crime groups and nation-state actors.
This view of the manufacturing security landscape, however, differs from the one generated from publicly disclosed incidents. Very few manufacturing sector incidents were revealed in 2016. This led IBM X-Force researchers to suspect some underreporting, perhaps because manufacturing is not as tightly regulated as industries such as financial services, health care and retail. However, the cybertheft of trade secrets from one of the world’s largest steelmakers is evidence that the threat to manufacturers’ intellectual property and operating information — this industry’s crown jewels — is very real.
Review Best Practices
A new IBM research paper focuses on the top attacks detected against the manufacturing sector. Since the No. 1 manufacturing security threat involved the use of malicious input data, centralized patching and data input sanitization are essential. We recommend reviewing the report for other best practice guidelines.