The Cyber Battlefield in Manufacturing: Strategies for Resilience
Discover the severe cyber threats targeting the manufacturing industry today.
Kory Daniels, chief information security officer of Trustwave, outlines several mitigation techniques to combat ransomware, phishing attacks, and third-party risks to ensure a secure manufacturing future.
The manufacturing industry weaves through many aspects of our everyday lives, from the vehicles we use on land, air, and sea to the communication technologies that connect us with loved ones and customers worldwide. This makes manufacturing-focused cyberattacks extremely consequential: they can disrupt production lines, supply chain operations, and our personal lives, with significant ripple effects on financial, brand, and consumer risk. We have seen businesses publicly suffer staggering financial losses that can reach thousands of dollars per minute, with repercussions across the supply chain.
According to the World Economic Forum, only 19% of manufacturing leaders trust their cyber defense, and for good reason—the average cost of a manufacturing breach is $4.7 million compared to the $4.4 million cost of all other industries.
As the industry embraces technological advancements to streamline processes, converging operational technology (OT) and information technology (IT) systems has expanded the potential attack surface and created new risks. With only one entry point needed, bad actors can easily take control of an entire organization.
Manufacturing organizations of all sizes need to understand the specific risk factors the industry faces to bolster their security measures and protect against emerging threats. As manufacturers navigate the complexity of today’s interconnected networks and expanding threat landscape, they should consider the following mitigation techniques to protect against evolving attack methods.
Establish Proactive Network Monitoring Systems
The manufacturing industry is the most impacted by ransomware, with 63% of attacks targeting the United States. That number is only predicted to increase this year. Unlike other industries, the manufacturing sector cannot afford to pause operations, which leads organizations to pay the ransom so they can recover systems quickly and minimize production downtime. In recent years, threat actors have advanced their tactics so that if a ransom is not paid, they can use double extortion, trading or selling the stolen data on the Dark Web for a profit.
To reduce cyber risk, organizations should set up and regularly reassess security policies while consistently monitoring and immediately patching vulnerabilities as they are discovered. Simply enabling logs within a system is not enough to ensure security. Actively monitoring systems can establish a baseline of normal activities so that security teams can identify anomalous behavior, suspicious traffic, or unauthorized access attempts.
Understand the Tell-Tale Signs of Phishing Attacks
Phishing and business email compromises (BEC) are the most popular methods cybercriminals use to access networks. Our researchers have observed cybercriminals advancing tactics to make emails more convincing by marking an email urgent and using persuasive and time-sensitive language to convince a victim to open an attachment, click a malicious link, or even transfer funds.
The trends we see with BECs are even more sophisticated, typically using business operations like payroll to convince employees to share banking information. Interplanetary File System (IPFS) links are the most common malicious URLs used in phishing campaigns (46% of incidents in 2023), while HTML smuggling accounts for 72% of malicious attachments in emails.
To better detect and prevent malicious phishing emails, manufacturers should deploy strong email security tools and conduct regular mock phishing tests to assess the effectiveness of anti-phishing training.
It’s also essential to ensure all levels of the organization learn to identify malicious emails, including looking for obvious typos in emails and addresses, staying wary of uncommon asks from colleagues, and watching for suspicious links and attachments. Set up strong internal policies for ongoing employee training to help minimize the risk of data breaches. This requires frequent refresher training, assessments, and feedback loops to adapt and improve strategies while educating staff on potential risks.
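The two indicators named above, IPFS links and HTML smuggling attachments, can be checked mechanically before a message reaches an inbox. The following is an added example, not code from Trustwave or the article: the function names, the placeholder CID, the gateway.example host, and the two-indicator threshold are all assumptions made for illustration.

```python
import re
from email import message_from_string

# IPFS is reached via ipfs:// URIs, path gateways (/ipfs/<CID>) or subdomain
# gateways (<CID>.ipfs.<host>). CIDv0 starts with "Qm", base32 CIDv1 with "baf".
IPFS_URL = re.compile(
    r"(?:ipfs://|https?://[^\s\"'<>]*?(?:/ipfs/|\.ipfs\.))[^\s\"'<>]*", re.I)
CID = re.compile(r"\b(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|baf[a-z2-7]{50,})\b")
# Browser calls that rebuild a file client-side, the core of HTML smuggling.
SMUGGLE = {"atob": r"\batob\s*\(", "new Blob": r"new\s+Blob\s*\(",
           "createObjectURL": r"createObjectURL\s*\(",
           "msSaveOrOpenBlob": r"msSaveOrOpenBlob", "download": r"\.download\s*="}

def find_ipfs_links(text):
    # Keep only URLs that match an IPFS scheme/gateway shape AND carry a CID.
    return [u for u in IPFS_URL.findall(text) if CID.search(u)]

def smuggling_indicators(html):
    return sorted(name for name, pat in SMUGGLE.items() if re.search(pat, html))

def triage(raw_message):
    findings = {"ipfs_links": [], "smuggling_attachments": {}}
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        findings["ipfs_links"] += find_ipfs_links(body)
        hits = smuggling_indicators(body) if name.endswith((".html", ".htm")) else []
        if len(hits) >= 2:  # assumed threshold: one call alone is common in benign pages
            findings["smuggling_attachments"][name] = hits
    return findings

# Constructed sample: placeholder CID and gateway host, not real indicators.
FAKE_CID = "bafy" + "a" * 55
SAMPLE = f"""\
Subject: URGENT: payroll update
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Confirm today: https://{FAKE_CID}.ipfs.gateway.example/login.html
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Invoice.html"

<script>var u = URL.createObjectURL(new Blob([atob("Q09OU1RSVUNURUQ=")]));</script>
--b1--
"""
if __name__ == "__main__": print(triage(SAMPLE))
```

Findings like these are best used to quarantine a message for analyst review, since legitimate mail can occasionally reference IPFS content or carry script-heavy HTML.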
Promote Shared Responsibility and a Security-First Approach to Reduce Third-Party Risk
The supply chain is a foundational component of the manufacturing industry, as it is the engine that moves materials through to the finished product. This requires various trusted third-party partners to support all moving pieces. If not properly secured, this web of relationships expands the attack surface, creating gaps in security and leaving the organizations involved vulnerable to an attack.
Supply chain attacks appeal to threat actors because they naturally have a domino effect, resulting in substantial rewards for the attacker. Cybercriminals use ransomware tactics to target supply chains, gaining access to multiple companies and third-party partners simultaneously and amplifying their impact and ransom demands.
To prevent third-party breaches, organizations require visibility and transparent security. Manufacturers should apply the same level of due diligence to proactively assess suppliers and third-party relationships as they would with internal systems. When practiced by all employees and third-party partners, this security-first mindset emphasizes the shared responsibility across departments and organizations to secure endpoints. That collective awareness should span across various network sectors, encouraging a collaborative approach to security that enhances the overall resilience of manufacturers.
Organizations must regularly inventory all crucial suppliers and ensure all partners and internal stakeholders understand potential vulnerabilities to maintain the integrity of the entire supply chain and vendor ecosystem. This isn’t a once-and-done evaluation—instead, it requires regular checks and ongoing communication to ensure there are no gaps in security across vendors.
Commit to a Secure Manufacturing Future
The manufacturing industry faces escalating cyber risks that often lead to significant financial losses, delayed production, and negative impacts on multiple organizations across supply chains. Taking regular inventory, conducting consistent employee training, implementing email security protocols, and establishing well-defined cybersecurity policies with a security-first mindset—internally and in third-party relationships—provides a roadmap for manufacturers to navigate the complex landscape of interconnected networks. By actively embracing these mitigation strategies, manufacturers can protect their data, keep up with supply and demand, and contribute to building a resilient and secure future for the entire industry.