Cyber-attacks continue to be a growing concern for every business sector, and in the last two years it has become an increasing problem for the manufacturing industry. In 2020 manufacturing was the second most targeted industry, with the average breach taking 220 days to contain, making it one of the longest threat cycles in any industry.
In June 2020, Lion Australia, brewery and producer of dairy products, was hit by two ransomware attacks within 10 days of each other, forcing the brewery to halt production. The ransom demanded was in excess of $1 million. A year later, the world’s largest meat processor JBS USA Holdings was hit by a ransomware attack and paid USD11 million in bitcoin to allow their systems back up and running. JBS Australia, the largest meat and food processing company in Australia, was disrupted by the attack and forced to close 47 meat processing plants around the country as a result.
Only a decade ago, cybersecurity breaches in manufacturing were almost unheard of, but today there is an alarming trend of increased industrial cyber incidents. Manufacturing has become a high value target for cybercriminals.
The costly impact of cyber-attacks on manufacturing
Manufacturing can be as vulnerable to the impact of cyber-attacks as many other industries. The disruptions caused by cyber-attacks can halt assembly lines and disrupt supply chains, leaving manufacturers unable to meet production demands. This results in a serious backlog and can financially cripple a manufacturing business.
Second, a manufacturer’s digital assets can hold extremely sensitive information, such product designs and intellectual property with incalculable value. This extremely valuable data is prized by cybercriminals and makes manufacturers a prime target for a data breach.
The other main area of concern that makes manufacturing so sensitive to cyber-attack is the interconnectedness of legacy operational technology and information technology systems.
Digitalisation of processes is exposing operational technology (OT) systems to the internet with inadequate network security, making them extremely vulnerable to being hacked. Where OT systems monitor and control ongoing and continuous production processes, it is almost impossible to take them offline to analyse and perform upgrades. Security teams are struggling to safeguard OT assets using the same tools for IT infrastructure, as it is challenging to attain visibility with OT systems to determine where vulnerabilities are, and then counteract them. As the OT/IT threat attack surface increases, security teams are trying to keep up with escalating operations tasks, such as threat detection, investigation and response, and risk mitigation.
While manufacturers have remained less energised about cybersecurity in the past, it will become something they must address urgently or face legal consequences.
The Australian government recently introduced updated legislation to extend the scope of what is considered critical infrastructure. This includes companies involved in data storage and processing, water and sewerage, food and grocery, transport, and critical manufacturing. This will mean a range of manufactured goods will become critical and the Australian manufacturers that produce these goods will be subject to legislation and security compliance requirements.
What does this mean for manufacturers and cybersecurity?
Appropriate protection of manufacturers will need a novel approach, involving advanced security tools to provide intense levels of cybersecurity protection. The complexity of OT systems can be addressed by taking a proactive approach to modernising, which takes time and strategy to allow for production downtime while system changes are made.
However, a robust and secure OT/IT network environment will reduce a company’s attack surface, with fewer potential targets to attack and gain access to the network, and therefore reducing the success of cyber threats.
Mitigate cybersecurity risk in manufacturing industry
In order to make cybersecurity in the manufacturing industry a priority, there are a number of steps to take:
Cybersecurity solutions is not a one-and-done situation, it requires ongoing risk management and strategy for the future. As technology continues to evolve, cyber-attacks will continue to increase as malicious actors leverage the same technology. Cloud computing has advanced manufacturing capabilities with a constantly changing global supply chain, so cloud security is an important consideration.
Manufacturers should invest in modern security systems and tools, and work with experts in cybersecurity to find solutions that compliment their unique business situation. Manufacturing organisations should evaluate now how they’re addressing the dangers of cyber threats and attack at every operational level, and allocate sufficient resources.
Create a secure foundation for the future and talk to the security experts at RODIN. With a focus on employee training, risk mitigation, and security compliance, RODIN’s industry leading cybersecurity services have the solution you need.