Cyberattacks on manufacturing firms are increasing. Rapidly. According to NTT's recent Global Threat Intelligent Report, the manufacturing industry saw a 300 percent uptick in attacks over the last year, outpacing both healthcare (200 percent) and finance (53 percent) by a wide margin.
The sheer volume and variety of attacks, however, means that manufacturing companies must prioritize protective response to keep production lines up and running. Here's a look at the top four cyberattack in manufacturing — and how MSSPs can help mitigate their impact.
1) Data Exfiltration
In data exfiltration attacks, malicious actors breach manufacturing networks and steal key data. In some cases, they may share product or process data to devalue current operations — in others they sell this data to the highest bidder. In both cases, the loss of data can have significant financial impacts for manufacturing firms. Consider the case of Titan Manufacturing and Distributing, which experienced a year-long network compromise that exposed the data of more than 1,800 customers.
Managed security service providers (MSSPs) can help reduce data exfiltration risk with continuous vulnerability scanning and detection to catch potential problems ASAP.
2) Ransomware
Ransomware attacks continue to rise because they work. If cybercriminals can encrypt operational data, manufacturing firms will often choose to pay rather than run the risk of lost productivity. Even if data is recovered, however, the costs are still substantial: Norwegian aluminum company Norsk Hyrdo held the line but still ended up losing nearly $75 million once lost revenue, malicious code removal and network remediation costs were tallied.
Here, manufacturers can benefit from MSSPs familiar with both current ransomware tactics and evolving techniques to help pinpoint and eliminate suspicious code.
3) Phishing
Social engineering and online reconnaissance now informs manufacturing industry phishing attacks — hackers create seemingly legitimate emails which ask staff or C-suite executives to take specific action. For example, front-line staff might be prompted to click through on password recovery or reset links that instead trigger malware downloads or capture access credentials.
C-suite members, meanwhile, may by convinced to transfer massive sums of money — that's what happened to aircraft parts manufacturer FACC, which lost $61 million to a phishing scam that targeted the CEO and CFO. MSSPs can help mitigate the impact of phishing attacks by deploying active email protection solutions that filter out obvious attacks and prevent users from clicking through on potentially malicious links.
4) Insider Attacks
Manufacturing firms now rank among the top five industries for insider attacks — according to Industry Week, the average cost of an insider attack in manufacturing is $8.8 million. While there attacks are often caused by the accidental misuse or sharing of data by well-meaning employees, the results are significant: Beyond the cost to remediate damage and repair security issues, companies may also face reputation loss tied to lack of consumer and partner trust.
By deploying, integrating and supporting robust identity and access management (IAM) tools, MSSPs can cut down both the total number of potential attacks and their overall impact.
While it's impossible to eliminate the risk of manufacturing cyberattacks, security approaches that combine situational awareness with activate mitigation efforts can help reduce the risk of operational downtime, data loss and reputation damage.
Kevin Lemieux is senior sales director at RedSeal. You can read more RedSeal blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.
