Manufacturing: A Key Target for Cyber Attacks



Previously, manufacturing companies were connected within a single building. But as the industry has grown, so have the needs to expand business through the internet, remote workers, and physical locations.


The notion that manufacturing companies were safe from cyber security attacks has quickly been erased. The manufacturing sector became the 2nd most targeted industry behind the finance industry. (Kessem, 2021). In this recent release of attack trends by industry, Manufacturing was the most targeted industry for application-layer DDoS attacks.



IoT in manufacturing presents an additional security challenge. Whether it’s robots on the shop floor or sensors to measure fuel, part wear or progress, manufacturing has a plethora of IoT devices which can be compromised resulting in defects, damange to facilities, safety issues, data leaks or plant shut downs. Eighty percent of companies using IoT have faced an attack on these devices, and with the average cost of an IoT breach averaging around $330k, this is a significant issue.


Many threats affect the industry, but the top 3 threats have been pretty consistent:


Phishing

Phishing is one of the oldest and most widely used tactics among cybercriminals. Most individuals know how phishing works, though many don't realize how advanced and easy the attacks are for cyber criminals. For commercial enterprises, phishing typically originates from within the company, or partners likely do business with your company.


Ransomware

Manufacturing companies can lose much from these types of attacks. Ransomware encrypts your company’s information and spreads throughout the organization, accessing anything and everything in the environment. Once the encryption has taken place, the unsuspected user is greeted with a notice of paying the ransom. The company then has two options, pay the ransom or restore from a backup of the system. If your company does not have a way to detect, respond quickly, and remediate, you could be left with one of these decisions.


Intellectual Property Theft

IP theft is a real and sometimes overlooked risk within organizations. But, your IP is what differentiates you from your competitors. It must be protected. How do we block this type of attack when multiple Individuals have access to valuable IP within the organization? How do we verify that the information is used appropriately and assure that everyone has appropriate access?


Here are our 5 Key Defenses:


1. Security Awareness Training

Chief Information Security Officers suggest that human error is involved in more than 43% of data security breaches. (packetlabs, n.d.) Security awareness training educates the workforce to minimize risk thus preventing the loss of PII, IP, money or brand reputation. Effective awareness training programs addresses mistakes that employees make when using electronic communications, phones, the web and other forms of communication or data exchange in the corporate world.


2. Endpoint Detection and Response

Endpoint Detection and Response, or EDR, provides visibility into endpoints and enables faster response time in the event of malicious threats. EDR tools, provide protection against an everchancing landscape of advanced malware.


3. Least Privilege Access

The principle of least privilege permission and access to perform the required job; adhering to this principle reduces the risk of a malicious actor gaining access or data using certain accounts and devices.


4. MultiFactor Authentication

In today’s digital world, employees access various web, mobile and other services. These apps require users to create accounts and passwords. This poses threats from breaches due to password strength, common passwords, and reused passwords for multiple sites. MFA will enhance your organization's security by requiring your users to identify themselves by more than a username and password. While strong usernames and passwords are important, usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties and listed on malicious actors databases.


5. Culture

The concept of a “security culture” is the idea of an organization making decisions based on security. Corporate communications promotes and encourages security prioritization and incident reporting. Individuals understand their roles and critical factors in security. Attitudes from the staff believe in and support the agenda rather than feeling hindered by security.

Building strong infosec defenses is where Pillar Technology Partners can help. We bring confidence and security to your organization with our knowledge and expertise. Our services are trusted within Government offices, Financial sectors, HIPPA, and Manufacturing companies.


Want to see for yourself? Contact us and let us show you.


Other Helpful Resources:

· Past alerts and briefings from Pillar’s Cyber Defense Intelligence Team

· Other resources on ptechcyber.com

53 views0 comments

Recent Posts

See All