In 2018, the global cybersecurity market was already estimated to be worth an impressive £91.21 billion, with projections for the year 2024 pegged at £205.59 billion. The application of the Internet of Things (IoT), bring your own device (BYOD), machine learning and artificial intelligence (AI) in business has brought a whole new level of hyperconnectivity between industries, their employees and customers. This high degree of connectivity, however convenient and useful to both manufacturers and customers, comes at a great cost as it opens up systems to outside tampering. Coupled with increasingly sophisticated cyber threats and attacks, these innovations will continue to fuel the importance of cybersecurity in all business domains, including manufacturing, and this cannot be ignored.
Traditionally, though (or at least in the past decade), cyber-crime tended to be specialised or niche-focussed. Most of the cyberattacks in the past decade targeted financial institutions, facilitated through the use of malware designed to collect financial information. The “old” cyber-crime market concentrated on trading stolen credit card data, as well as on the manipulation of the internal networks of global financial institutions. These criminal groups took advantage of the weak margins of co-operation and loosely guarded data entry points characteristic of earlier borderless virtual business environments.
However, according to the Wall Street Journal, all companies operating today that make extensive use of the internet are exposed to cyber risks. For many manufacturers, though, the threats are compounded and more serious than ever before. In fact, one NTT Security report has shown that during the second quarter of 2017, 34 per cent of documented cyberattacks were launched against manufacturing companies.
Data threats in manufacturing
While convenient and helpful in terms of efficiency and productivity, digital interconnections and rapid technological innovation have contributed to the risk of cyberattacks in the manufacturing sector.
The advent of relatively new technologies such as IoT, AI, advanced real-time data analytics and robotics has equipped manufacturers with the ability to respond quickly to customer needs and demands, as well as minimise equipment failure and breakdown, thereby maximising both productivity and profit. Data analytics, in particular, has made it possible to implement predictive maintenance, thereby effectively reducing manufacturing downtime in smart manufacturing establishments.
However, these advantages come at a price. This high level of interconnectedness and seamless merging of the digital world with physical action has increased the level and types of threats faced in the manufacturing industry. As mentioned earlier, because of the earlier concentration of cyberattacks and data breaches in the financial industry, most manufacturing companies felt falsely secure from any cybercriminal interests—at least, relatively so.
As a consequence, most had taken only a minimally defensive stance and adopted minor measures to protect themselves from cybercriminals. Of course, this meant inadequate data protection and system security. Kaspersky Labs, in their 2017 report, echoed NTT Security findings, stating that manufacturing companies were the most vulnerable to threats during the first half of that same year. Specifically, computers used in the manufacturing industry were targeted in around one-third of all the cyberattacks in 2017.
Despite these findings, it appears that small-sized manufacturing firms have yet to implement strict cybersecurity measures, citing a lack of time and resources as the primary reasons behind these delays.
This means that a large number of manufacturers still lack a cyber-protection plan that is fundamental to the safety of their critical assets, i.e. customer data and information systems.
It must be noted that with smart manufacturing being the way it is today, all interconnected devices that have access to part of a company’s system and or data are a potential threat source. This is why it is critical for manufacturers to safeguard their data and put access limits in place for each user. Manufacturers also need to conduct periodic cyber risk assessments, especially on devices used in manufacturing processes.
Most manufacturers that cannot afford to have a full-fledged IT department or are too small to make it cost-effective to have their own have turned to managed service providers (MSPs) equipped to handle cybersecurity challenges.
However, recent frequent ransomware attacks on MSP systems themselves (especially in 2019) have brought to question their ability to protect the data assets of their clients. These instances have also forced government agencies and cybersecurity companies to develop tools and protocols designed to protect sensitive data. MSPs have also had to reassess their current practices, policies and systems to ensure their ability to counter cyberattacks and protect their clients’ digital assets.
Increasing sophistication in the threat landscape
Heavy industrial companies in power generation and distribution, oil extraction or refinery, mining and other similar industries are also attractive targets to cybercriminals. Evidence of this is available in a 2018 report, which showed that almost 60 percent of the companies surveyed already underwent industrial control system (ICS) or supervisory control and data acquisition (SCADA) system breaches.
The reason behind the exceptional vulnerability of heavy industries is their decentralised, distributed structure and massive operational technology (OT) environment. These qualities make it difficult to easily identify subtle irregularities in their systems as these do not lend themselves easily to conventional cybersecurity controls. Moreover, most manufacturing companies have only invested in cyber maturity assessments (CMAs) of late—something they should have heavily invested in years ago.
During a CMA, an assessment of your organisation is conducted to determine your company's ability to protect data assets, your level of maturity on a site by site basis, and your preparedness against cyber threats and attacks. Examples of companies that conduct CMAs include KPMG, Rapid7, NTT Security and CyberInt.
Still, as heavy industrials gain greater awareness of the sophisticated threat landscape looming in the horizon, more manufacturing companie have begun to focus on and invest heavily in cybersecurity.
When it comes to the threat landscape, these sources come to mind:
- Geopolitical tensions: Political dissenters, cyber-terrorists and cybercriminals now target nation-critical infrastructure, including heavy industries in power generation or those that deal directly with governments.
- Digitisation of the operational environment: Like other smart industries, the mining, oil and gas and electricity sectors have invested heavily in digitising their operational value chains. Doing this has, of course, proven beneficial to their analytical capabilities, automation, productivity and process optimisation. However, it has also granted third party and or remote access to what once were isolated ICS and SCADA devices, which used to be controlled by only a few authorised users.
- Ransomware: As previously mentioned, there was an unprecedented increase in the number of ransomware attacks on MSPs last year. Other attacks on record have been more direct, such as the incident initiated by WannaCry against a major Chinese oil company, as well as NotPetya, which released a malware that erased data on IT devices worldwide and affected 25 per cent of oil and gas companies.
- Botnets: There are certain botnets that have been identified as being capable of detecting and infecting SCADA systems, as well as those that specifically target IoT devices. Crypto-mining malware that targets ICS computers has also become more common. This type of malware severely hampers productivity by increasing industrial system loads.
Such attacks, whether targeted or non-targeted, disproportionately affect industrial companies using several devices and which have a lower level of cyber maturity.
On top of these, companies today need to continue protecting themselves from increasingly advanced cyberattacks while also maintaining a generally conventional OT environment. About half of the companies covered in one study still used versions of Windows no longer supported by Microsoft security patches. These scenarios have no place in today’s globally interconnected environment where cybercriminals are getting smarter and more insidious in their approaches.
Cybersecurity—a critical business component
Martin Thomas, European Marketing Manager at Radwell International Ltd explains more. “As manufacturers become increasingly aware of the types of threats their establishments are facing, and in view of stricter compliance requirements, they have no recourse but to rethink their cybersecurity policies and practices. Others have taken to adopting new OT security tools, while some have adopted a risk-based approach by conducting audits of their critical assets and implementing appropriate controls to mitigate risk exposure.
Whichever course companies take, it is critical for all manufacturers to have a written cyber incident response plan. This should be subjected to a battery of tests and drills, including scenarios where there is both data and IP loss, as well as situations where manufacturing systems themselves become inoperable.”
It is certain that the digital landscape and technology will continue to change. What is important is that manufacturers need to be guarded in what technology and systems they adopt. They must also stay updated with cybersecurity developments and subject themselves to periodic assessments and audits to ensure data security and integrity while also maintaining operational efficiency and productivity.