July 2, 2019

Like most sectors, manufacturing has spent the last decade rapidly going digital.

With the move comes increased capability and efficiency – but at a cost.

Production machinery has been networked, product plans have moved from the drafting board to computer assisted design, AI and machine learning are being used to automate processes and measure efficiency. Meanwhile, the internet of things is being applied to everything from pallets to packaging.

That makes manufacturing companies – small and mid-size organizations in particular –more susceptible to cyberattack and data loss.

A 2016 survey by Marsh & McLennan found that 50 percent of SME manufacturers had experienced a cyber-attack, and that as a sector, manufacturing was increasingly on the cybercrime radar.

There are two reasons why:

  • Their traditional targets like banks and tech companies have improved their security, so cybercriminals need to widen their net.
  • Manufacturing companies have made themselves attractive to attackers thanks to their expanding data warehouses, and the potential vulnerabilities that grow out of the sector’s rapid transition to digital.

What are manufacturing companies up against?

As a sector manufacturing is still considered a laggard in cybersecurity terms. Because their systems were amongst the last to be networked, investment in cybersecurity hasn’t always kept pace with the rapid move to ‘Industry 4.0’ digital systems and processes.

Meanwhile they’ve been building up a store of digital assets in categories like FCMG, pharmaceutical, chemical, and defence that include R&D, patent, and other intellectual property secrets. That data cache makes them an attractive target for attack.

Data from Trend Micro suggests that the use of legacy software like Microsoft Windows XP is still common in manufacturing environments. As a result, cybercriminals may find it easier to breach out-of-date systems with well-known vulnerabilities.

Researchers even noted that old malware like 2008’s Downad (aka Conficker) worm is still being detected in manufacturing.

Another issue in manufacturing is timely patching and updating.

Since manufacturing systems are directly linked to revenue and expected to be operated with minimal disruption, some companies may see regular security patching as a luxury that interferes with normal, profitable operation.

And because many industrial control systems used to run physical plant machinery are designed to operate in geographically or physically isolated environments, cybersecurity planning for these systems may not be a priority.

Making the leap from digital to mechanical

The return in March of the Triton virus serves as a stark reminder that the vulnerabilities in manufacturing systems can extend beyond servers, databases, and PCs.

Triton is a powerful malware that first popped up in the industrial control mechanisms of a Saudi oil and gas plant back in 2017. Infected systems included physical controllers and associated software designed to kick-in when dangerous conditions were detected. They could stabilise processes by closing valves and triggering pressure-release mechanisms, or shutting machinery down completely.

Cybercriminals had got their virus into plant systems that didn’t hold information of any particular commercial value – but which would have been the last line of defence against a life-threatening disaster.

In the worst-case, Triton’s rogue code could have caused toxic hydrogen sulphide gas to be released, or set off a cascading set of mechanical failures to trigger an explosion.

The Insider threat

Because they now have such large stores of data and intellectual property, manufacturing firms are highly susceptible to the insider threat – breaches caused by malicious staff or contractors, or most commonly, by simple error and neglecting to follow the rules.

According to the Ponemon Institute, security breaches caused by insiders cost the average business as much as £6.9 million per year — more than twice the average cost of other breaches. says insiderthreats are the source of 60 per cent of cyber attacks. Freedom of Information requests sent to the UK Information Commissioner’s Office show that employee error caused nearly half of all breach incidents reported over the last three years.

With their access to factories and systems, insiders have the power to leak intellectual property, disrupt operations, damage company reputation, and expose sensitive information to third parties. This can happen maliciously, or as a by-product of carelessly sharing passwords, clicking questionable email links, or leaving memory sticks lying around factory desks.

Security Awareness Training in Manufacturing

Better training is essential across the manufacturing sector to stop both the intentional and unintentional types of insider threat. From factory floor to back office and C-suite, all employees need to be aware how their own actions can enable a breach.

Harvard Business Review has said that better training is the best cyber security investment a business can make. That includes training for everyone from executives to employees, but should also take into account ‘outside insiders’ like contractors, consultants, and trusted vendors.

With the frequency of insider incidents on the rise, training designed to address insider threats needs to become a standard part of manufacturing sector security awareness programmes. Embedding personal cyber sensitivity in staff and supply chain partners will go a long way to mitigating and containing incidents.

Want to learn more about empowering your employees security defences?  Why not sign up for a free demo and find out how we’re already helping organisations just like yours.

Share this: