Inevitably the manufacturing sector has transformed and will continue to develop into a digitally dependent enterprise implementing advanced technologies such as robotics, AI, Internet of things and augmented reality. As such, the manufacturing sector has become increasingly affected by the frequency, complexity and severity of cyber-attacks. In response, this week’s message looks at the reasons why the manufacturing sector is such an important high-value target, the type of attacks it’s experiencing and the mitigations required to protect it and prevent cyber breaches.
Why is the manufacturing sector a key target?
According to IBM, manufacturing was the second-most attacked industry in 2020, up from eighth place in 2019, second only to financial services1. The sector is continually facing an onslaught of cyber attacks as a result of an increased digitalisation ecosystem, global competition and interconnectivity. This has contributed towards 48% of UK manufacturers experiencing a cyber security incident in 2020, half of whom suffered financial loss or disruption to business-as-usual activities3.
Interestingly, the majority of manufacturers are SME’s who do not have established IT security practices in place to mitigate the affects of a cyber attack. In fact, 12% of manufacturers do not have preventative measures in place to counter the rapidly increasing cyber landscape3. Thus, the combination of increased digitalisation, valuable data and insufficient cyber protection to name a few has led to the sector being increasingly exposed to ‘threat actors’ and their sinister and more often than not criminal intentions.
Type of attack
In 2020, 29% of cyber attacks in the UK targeted the manufacturing industry4, and sophisticated ‘nation state actors’ made up 38% of global breaches in the manufacturing sector according to F-Secure5. The preferred attack method (Ransomware), accounted for 23% of manufacturing cyber incidents according to the DBIR 20206.
In 2020, the number of publicly reported ransomware attacks on manufacturing entities had more than tripled compared to 20197. Ransomware is especially costly to manufacturing as it has the ability to disrupt not only the manufacturer but the whole logistical supply chain. Findings from market research firm; Aberdeen suggest the average cost of unplanned equipment downtime was $260,000 per hour8.
Case study: How a ransomware attack cost one firm £45m
On 19 March 2019, Norsk Hydro was hit by a highly sophisticated Ransomware attack, impacting operations across the world. According to F-Secure “The attack began with a simple email exchange between a company employee and customer. Unfortunately for Norsk Hydro, cyber criminals had infected an email attachment from this customer with a Trojan installer. The attackers first infected the employee’s computer, then other users, before finally gaining administrator credentials. Once they succeeded in doing this, they were able to use Norsk Hydro’s domain controllers to deploy LockerGoga ramsomware”.
The attack compromised 22,000 computers across 170 different sites in 40 different countries, causing affected devices to display a message: “Greetings! Your files are encrypted with the strongest military algorithms9.”
Production lines switched to manual functions and the entire workforce of 35,000 people had to resort to pen and paper to conduct business tasks. It is estimated that a full recovery cost more than £45 million.
Mitigation
Increasing connectivity, use of digital computation, shared networks and off-site data storage provides potential for a significant improvement in manufacturing productivity, efficiency, quality, and costs. However, the cyber risks associated with Industry 4.0 and interconnectivity mean a comprehensive approach to cyber-security is not something that manufacturers can afford to ignore. Manufacturers should take appropriate steps to protect themselves, their customers, and suppliers.
The first step in protecting the manufacturing sectors’ IT infrastructure is to understand the threats. Cyber security audits are a valuable tool for manufacturers that have yet to identify external risks, the vulnerabilities, their threat exposure rating or simply lack sufficient information to confidently assess their specific risks.
KryptoKloud’s bespoke and affordable cyber resilience audit; COBRA possesses the capability to identify and assess your business vulnerabilities and risks, and provides you with a comprehensive report highlighting potential weaknesses, a risk rating and a Remediation Plan to protect your business from cyber threats.
To learn more about COBRA and the suite of KryptoKloud services click here or contact us directly.
References
1 https://www.ibm.com/uk-en/security/data-breach/threat-intelligence
3 https://www.makeuk.org/insights/reports/cyber-security-for-manufacturing
4 https://researchbriefings.files.parliament.uk/documents/SN01942/SN01942.pdf
8 https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf