After the forced shift to remote work in 2020, cloud-computing adoption is still in process and will progress as more people work remotely. The heavy transition to cloud infrastructure has led to the need for more awareness and knowledge in cybersecurity for employees and owners alike.
In March 2022, a survey of 720 IT professionals from all over the globe was conducted via an online questionnaire. This report has helped organizations concentrate their security efforts on what matters and highlight the main obstacles to safe cloud computing.
According to a recent survey of manufacturing businesses:
- Half (51%) of manufacturing companies experienced an attack on their infrastructure within the last 12 months.
- The most common type of attack was phishing, reported by 73% of respondents. Cloud and on-premise infrastructure and endpoints were equally at risk.
- Compared with other industries, the manufacturing sector was more prone to account compromise and supply chain attacks within the last year.
- Some 38% of respondents in the manufacturing sector had to deal with account compromise at least once, while the average for all other industries was 31%.
- Similarly, 19% of manufacturing organizations experienced supply chain compromise, but only 15% of respondents from other verticals reported this type of.
Manufacturing was rarely included in the conversation simply because there was a lack of understanding and communication within the industry. The manufacturing industry is different from other industries directly connected with the outside world. Before technology evolved, manufacturing companies were only connected within a single organization's network with limited internet – making it difficult to connect with organizations or people. Organizations within the medical and financial industries don't have the same barrier due to their public-facing nature. Additionally, the manufacturing companies didn't believe they were appealing to threat actors – they merely didn't believe they had much to offer. However, technology has evolved, and the archaic communication methods within the manufacturing industry are obsolete.
When communication channels changed, so did the cyber threat landscape. Now that the manufacturing industry has no choice but to utilize internet connectivity in various ways, they face the harsh reality that they must prepare to handle the security challenges that come with so many vulnerable endpoints.
Also, the idea that the manufacturing industry didn't have much to offer threat actors is untrue. Companies within the sector have vast information that attackers are just waiting to use as extortion. Companies like Nissan and Norsk Hydro learned the hard way that the industry is not exempt from cyber attacks. Let's look at the top 7 cyber threats within manufacturing and how you can help prevent your organization from becoming another victim.
Why is the manufacturing industry especially vulnerable to attacks? There are several reasons.
- Lack of Owner/Corporate Level Awareness of Risk – All layers within a business should know how to detect and protect from potential cyber threats, especially at the owner/corporate level, since they are typically targeted at a higher level.
- Legacy Hardware – Today’s manufacturing industry is known for using outdated devices. To compromise legacy equipment, attackers would not need to do much work.
- Different IT Infrastructure – Different sets of technologies are used for manufacturing units in separate locations. Each kind of technology may have different hardware and software – causing security frameworks to become fragmented. This means a single security framework will not work for all the systems.
- Industrial Espionage – If a manufacturer has government contracts, they are a prime target for threat actors motivated by cyber espionage. They know that there are certain sectors that will be significantly compromised if they can attack the suppliers and clients related to a particular industry.
- Sizeable Financial Gain – As we mentioned earlier, the manufacturing industry used to believe that they didn't have much to offer attackers. However, that is not true. The manufacturing industry is vast and has a copious amount of sensitive data that can be used for financial gain (credit card information, bank details, data related to financial institutions, and social security numbers). Such data can be sold or used to compromise other networks for ransom.
- Lack of Centralized Visibility – Not having one single platform to view data flow is a great entry point for a threat actor. Attackers can exploit many hidden loopholes and complexities within the fragmented framework.
- Less Secure Encryption Techniques – Because the manufacturing industry primarily focuses on production and distribution, they are sometimes oblivious to cyber security issues. Threat actors know the industry's focus isn't on them, so they exploit the sector's lack of complex encryption techniques and ignorance regarding phishing.
In conclusion, paying close attention to securing all three attack sectors — data, identities, and infrastructure — will reduce the risk of infiltration and its consequences. Here at ICG, we know the ins and outs of securing your network, protecting your data, and providing ongoing support so you can focus on what you do best. We want to partner with you; contact us today to start the conversation.