As factories and processes become increasingly digitalized, the threat of a cyberattack is growing. With hacking regularly making the headlines — think back to 2017’s WannaCry ransomware attack — you would assume that manufacturers had put safeguarding measures in place to prevent a similar threat from disrupting their operations. However, government research has found that this isn’t exactly the case.
In a survey of the UK’s 350 largest companies, over half (54%) said that cyber threats were the biggest risk to their business. Despite this, 68% of boards said they had not received training to deal with an attack, while one in ten said they have a response plan should an incident occur.
Clearly, UK companies are largely unprepared for the growing possibility of a cyberattack. It seems many believe it is just that — a possibility and not a reality. However, the truth is that cyberattacks are happening to manufacturers now and if you fail to protect your company, you could be next on the hit list.
In this blog post, I will be discussing the growing cyber threat manufacturers are facing, the potential impact an attack can have and how you can safeguard your company.
Why are manufacturers a target?
One report by NTT Security has placed the manufacturing industry as one of the most targeted sectors globally. In Q2 2017, 34% of all documented cyberattacks were aimed at manufacturers, followed by finance in second place with 25%. In fact, data shows that manufacturers have been a particular target of cyber criminals for a number of years now — but why?
The digitalization of manufacturing is no secret, as processes become increasingly driven by Internet of Things (IoT) devices. This shift appeals to hackers, as the potential attack surface increases — more digitally connected devices simply means a greater number of access routes for the attackers. Of course, the intellectual value of the manufacturing industry is also appealing to hackers, which they can then use for financial leverage.
Often, the targeting of the manufacturing industry is simply down to its vulnerability. Manufacturers are constantly striving for efficiencies; while many will invest in new technology, budgets are often limited when it comes to cybersecurity. In layman’s terms, why would a hacker struggle to gain entry through a locked door when manufacturers are leaving the entrance to their data and processes wide open?
The impact of cyberattacks on manufacturing
Clearly, the vulnerabilities in the manufacturing industry mean that the impact of a cyberattack can be huge. In May, the WannaCry ransomware worm impacted companies in more than 150 countries and was dubbed the biggest ransomware attack in history.
Renault-Nissan fell victim to the attack, which disrupted or even halted production processes and ultimately manufacturing output. The attack happened on Friday, and it wasn’t until Monday when the issue was largely rectified. It is not known what the financial impact of the attack was but given its scale, we can assume that it was significant.
Following this initial Wannacry outbreak, the ransomware reared its head in June when it was found on computer systems at Honda. Following its discovery, the production of 1,000 cars were halted at the Sayama Automobile plant outside Tokyo. The reason behind this attack is said to be a Microsoft system that hadn’t been updated to patch a pre-identified vulnerability.
It’s not just halting manufacturing that these cyberattacks focus on; in 2015, Duuzer — a backdoor Trojan — attacked South Korean manufacturing organizations, stealing sensitive information from their systems.
Of course, in manufacturing, there is a very real risk that the manufacturing processes themselves will be altered. For example, if hackers were to alter design files or settings to make even the tiniest of changes, it could result in the production of unsuitable parts and products, which would essentially lead to substantial waste and monetary losses for the company and potentially dangerous consequences should the products make it into public circulation.
Improving cyber security in manufacturing
If reading this blog has left you feeling worried about the potential vulnerabilities within your company, it’s time to take action. But how do you improve cybersecurity to avoid becoming just another example of the impact these threats can have?
It’s very easy to think that using software and digital systems can do more harm than good. However, as we’ve discussed in previous blog posts, the benefits offered by IoT in terms of efficiencies and productivity far outweigh the potential security concerns.
Clearly, the solution is not shying away from digital technology; rather, it’s about putting the processes in place to give the best of both worlds and safeguard systems from attack. Keep these three essential tips in mind:
- Proactively protect your business — don’t wait for an attack to happen before you safeguard your systems. Implement systems now to protect against loss in the future.
- Develop a contingency plan — should an attack happen, how will your business react? Put a plan in place to minimise the chaos caused by an incident. Carrying out a simulation could be beneficial if you’re unsure of what to expect.
- Offer staff training — tying in with the above point, staff training around cybersecurity is crucial. Carry out regular training sessions and outline what is expected of them in the company handbook and their contract.
- Keep systems up to date — one of the easiest ways to safeguard your business is to keep your systems updated. Don’t just click ‘remind me later’.
- Allocate a cybersecurity budget — set aside time, resources and budget against cybersecurity to instill it as an intrinsic process rather than a sub-sector that can easily be overlooked.
Don’t leave cybersecurity in manufacturing to chance; act now and ensure the safety of your processes and business-critical data in the future.
For a secure, reliable ERP system, choose Kerridge Commercial Systems’ K8 Manufacturing ERP software. Contact us for more information today.
Sources:
https://www.themanufacturer.com/articles/britains-bosses-not-prepared-cyber-attacks/
http://uk.businessinsider.com/renault-nissan-production-halt-wannacry-ransomeware-attack-2017-5