As manufacturers continue with their digital transformation initiatives and edge closer to realizing the benefits of Industry 4.0, the risk posed by ransomware and other cybersecurity threats increases exponentially. So how can manufacturers protect themselves going forward as the post-COVID world unfolds?
Even before the coronavirus outbreak, many manufacturers had embarked on digital transformation journeys to modernize and move away from legacy systems. However, the impact of the global pandemic was that many had to seriously accelerate their plans. Remote working (for those that could) became a feature overnight. To facilitate this, new systems and solutions had to be implemented, sometimes without the rigorous testing that is usually required.
This reality means that many manufacturing firms are in a more vulnerable position in terms of cybersecurity than they were two years ago.
With the threat of ransomware attacks and other cybersecurity risks greater than ever, manufacturers can no longer ignore their responsibilities.
While steps can be taken to resolve a security breach after the event, doing so is more difficult and the associated costs are inevitably higher. A better approach is to be proactive and ready for what could happen.
Manufacturers have become specific targets for ransomware attacks
According to Trend Micro research published in July 2021, a staggering 84% of US organizations have experienced phishing and ransomware type threats in the past 12 months.
Trend Micro says, “Ransomware has become a modern epidemic, hitting government, hospitals, schools and private enterprises and any other targets deemed vulnerable to extortion and capable of paying.”
But how about the manufacturing industry? Are nefarious actors targeting the companies that create many of the amazing products and solutions people use on a daily basis? Sadly, the answer is yes, and in reality, the manufacturing sector is increasingly becoming a target for cyber criminals.
Indeed, the manufacturing industry experienced significant disruption in 2020 from ransomware threats, according to separate data from Trend Micro. Attackers actually singled out manufacturing organizations during the third quarter of 2020, specifically targeting them with their ransomware operations. As a result, the manufacturing industry experienced more ransomware attacks than the government, education, technology and healthcare sectors.
For manufacturers, the reality is that cyber criminals have figured out how to infiltrate their networks and have them firmly in their sights.
How would your organization cope with losing millions?
While the largest disclosed ransomware payment made to date — $40m — was paid by a large US insurance company, manufacturing firms have also forked out some hefty sums to free themselves from the grip of cyber criminals.
In May 2021, Colonial Pipeline, which controls 45% of fuel in the Eastern United States, was targeted by Russia-based cyber criminals. The Colonial Pipeline ransomware attack, as it has come to be known, led to panic buying of gas and resulted in the company paying a $5m ransom just one day after the attack occurred.
Austrian aircraft manufacturer and supplier, FACC, which boasts Airbus and Boeing among its clients, lost $54m in early 2016. Cyber criminals posing as the firm’s CEO managed to steal this incredible amount via an email exchange. In other words, the attackers did not need to infiltrate the organization’s systems, just to pose as a high-ranking executive — a form of social engineering.
Even Tesla — which isn’t exactly seen as behind the times when it comes to cybersecurity — has not been safe from ransomware attacks. In July 2020, a Russian citizen by the name of Egor Igorevich Kriuchkov befriended a Russian-speaking Tesla employee. Kriuchkov’s plan was simple: pay the Tesla worker $1m to install malware on the firm’s computer networks, providing hackers a gateway into the California-based electric vehicle maker.
Fortunately for Tesla, the staff member had integrity and disclosed the hackers’ plans to his employer, which in turn informed the FBI. Although the crime was thwarted, it nevertheless highlights how brazen cyber criminals have become in their attempts to compromise corporate networks.
Find out how one Asian manufacturer avoided paying ransomware demands and evicted its unwanted intruders within hours of becoming breached thanks to Atos: atos.net/wp-content/uploads/2021/01/Manufacturing-giant-refuses-to-pay-ransom-and-evicts-attackers-in-hours.pdf
Steps manufacturers can take to mitigate cybersecurity risk
It is no longer acceptable for manufacturing firms of any size to adopt an “it won’t happen to us” attitude when it comes to ransomware threats, as illustrated by the data and the growing list of manufacturing victims.
So how can manufacturers mitigate ransomware threats and other cybersecurity risks?
The first step for manufacturers is to acknowledge the magnitude of the risk, then get everyone in the organization on board when it comes to cybersecurity. This must be led from the very top and championed at all levels. Leaving the CISO to fight the cause alone no longer cuts it.
Manufacturers then need to conduct a thorough and broad assessment of their current situation, including the risks posed by employees, legacy systems, third parties, remote working and more. To gain the deepest insights, manufacturers should consider partnering with a professional cybersecurity company. The knowledge, experience and capabilities of such organizations far surpasses those of any manufacturer.
The third step in the initial phase is to secure, patch and plug any system vulnerabilities discovered. At the same time, firms must train and educate their employees on how to spot potential ransomware, phishing and social engineering attempts.
Are you prepared to recover from a ransomware attack?
Going forward, it is important for manufacturers to remain vigilant and implement monitoring systems so cybersecurity incidents can be identified and, ultimately, resolved as quickly as possible.
An important factor in this final step is having the right strategic partnerships in place with cybersecurity specialists to ensure disruption and downtime are kept to an absolute minimum in the first place and — in the case of ransomware attacks — that important data can be successfully recovered.
To help manufacturers remain confident in the face of ransomware attacks, Atos and Dell have joined forces.
With Atos and Dell Cyber Recovery Solutions for Manufacturing, firms can rest assured that their infrastructure and data – including their critical business data – is in the safest possible hands.
By taking advantage of Atos and Dell’s comprehensive security offering, manufacturers can not only benefit from a comprehensive digital security solution that keeps them protected on an ongoing basis, but also be in a position of confidence in terms of recovering should they find themselves the victim of a ransomware attack.
Does your Smart Factory have smart defenses? Discover more about Atos Digital Security for Manufacturing now.