Why manufacturers need to do more about cybersecurity
Digital transformation through artificial intelligence, automation, data analytics, and cutting-edge technologies are helping shift Australian manufacturers into the fourth industrial revolution. But the benefits of advanced manufacturing come with more significant risks.
Why is manufacturing at risk?
Perhaps the biggest issue is that manufacturing companies don’t consider themselves at risk of a cyberattack, says cybersecurity firm BitLyft. Such companies may believe they don’t offer much to cybercriminals.
However, manufacturers have an abundance of valuable data, including intellectual property, customers’ financial information, and addresses, and possibly data about their supply chains. That’s why continuing digitisation of manufacturing processes and systems means the sector is becoming more vulnerable to cybercrime.
Meanwhile, ManufacturingNet reports that manufacturers tend to see cybersecurity as a non-core function, they prefer to focus their resources on boosting their operations instead. They tend to pay a ransom rather than shut down operations temporarily to deal with a cyberattack. And while there’s no law prohibiting paying a ransomware demand in Australia, it could be forbidden when a person is “reckless or negligent as to whether the money will be used as an instrument of crime”, explains top-tier law firm MinterEllison.
Globally, manufacturing is a top target for ransomware, according to Datto’s Global State of the Channel Ransomware Report. In Australia, manufacturing was in the top 10 sectors for cybersecurity incidents and top three for ransomware attacks reported in 2020-21, according to the Australian Cyber Security Centre. Ransomware attacks often happen on weekends or holidays, giving hackers more time to wreak havoc before their attack is spotted.
As well, the 2021 Global Threat Intelligence Report found that the manufacturing industry saw a 300% increase in worldwide attacks in a year. What helped boost that rate was the shift to staff working remotely and accessing company infrastructure through online client portals.
Biggest threats to manufacturing
Apart from ransomware, the top cyber threats to manufacturing include:
- Phishing attacks through emails
- Internal breaches, such as from employees or others with access to the company’s systems
- Equipment sabotage installing malware to disrupt operational technology
- Intellectual property theft
- Supply chain attacks
- Nation-state attacks (that is, where other countries target critical infrastructure and sensitive information).
Your company could experience such threats because of a lack of malware protection, poor password controls, a threadbare cyberattack response plan and insufficient monitoring.
Repercussions of cyber attacks
The consequences of cyber attacks on manufacturers include:
- Your data being compromised
- Fines and penalties for data breaches if client or employees’ information is hacked, particularly for notifiable breaches
- The risk of losing your designs and prototypes
- Hackers threatening your supply chain
- Disruption to your business and possible temporary shutdown (or worse)
- Reputational damage to your business.
Protecting your firm
The basic cybersecurity standard for manufacturers hinges upon three elements – regular employee training, security software such as through virtual private networks (VPNs) and third-party audits to help pinpoint missed vulnerabilities.
As well, carry out a comprehensive audit of your full online environment, including all devices, applications and legacy systems. Detail how they’re structured, connected and if systems are segmented. Identify legacy systems you’re using that don’t receive software updates and patches and check whether they allow unprotected remote access. Are there inactive permissions or user accounts you should swiftly change? Should you move your systems onto the cloud?
Your audit should include third-party partners, i.e. in your supply chain. Create a roadmap to identify gaps, vulnerabilities and potential risks and how you’ll address them. Check out this US Department of Defense cybersecurity maturity model for ideas.
The Australian Cyber Security Centre has also recently issued a code of practice for manufacturers using Internet of Things (IoT) devices. It focuses on securing the devices (rather than the servers) because the former are potential back-door entry points for adversaries.
Once you’ve got those elements in place, look at your cybersecurity approach as a lifecycle, not as ‘set and forget’. Continuously assess making your process more effective and cost-efficient.
And communicate with your C-Suite to update them of the need for stronger cybersecurity. Every level of your manufacturing business should be alert to the risks.
Consider another prong in your cybersecurity defence – insurance cover. It can help get your operations back online swiftly, recover lost funds, safeguard your supply chain, and more. We’re here to guide you on options to manage the increasing cyber risks for your company.