How is cyber security affecting the manufacturing industry?

ISO/IEC 27001 Information Security is proving to be invaluable in the fight against cybercrime within the manufacturing industry.

Did you know that manufacturers in the United States account for 11.39% of the total output and are responsible for employing 8.51% of the workforce? According to the National Association of Manufacturers, these statistics convert to an economic output of $2,334.60 billion in 2018 with an average of 12.8 million manufacturing employees. Durable manufacturing is the fifth-largest industry in the US and non-durable the 8^th. These industries combined are worth $1.7 trillion (12%) of the GDP (gross domestic product).

Manufacturing truly is a powerhouse. To quote a popular phrase, “With great power comes great responsibility,” and now more than ever, this applies to businesses holding sensitive data, valuable information, and vital records.

Cybersecurity has been the definitive buzzword in recent years due to the increase in cybercrime, with ransomware attacks up by 158% in North America alone. The FBI received nearly 2,500 ransomware complaints in 2020, according to its annual Internet Crime Report.

If you haven’t done so already, whether you are a large or small business, it’s time to make cybersecurity a priority.

What are the most common threats to manufacturers?

We have spoken with manufacturing companies who felt secure, believing that customer-facing businesses, such as financial institutions, are the target of cybercrime. The lack of connection between manufacturing and the outside world has created a false sense of security; after all, “what could manufacturing have to offer cyber attackers”?

Manufacturing companies may not always be in charge of large amounts of money but do hold a wealth of information and documentation that hackers could potentially use to extort millions of dollars.

5 common threats to manufacturers:

• Equipment sabotage: Vulnerabilities in Operational Technology (OT) are exploited by cybercriminals. An example is a malware called Triton, which hackers deployed to a petrochemical plant in Saudi Arabia, taking over the safety systems. This attack illustrates a chilling scenario of how this situation could have quickly escalated to catastrophic plant failures and mass casualties.
• Supply chain attacks: Only one link needs to be interrupted in an organization’s supply chain to cause a massive and costly disruption affecting thousands of people. The largest beef supplier globally, JBS, paid ransomware hackers $11 million to retrieve the essential files for its operations. The hackers had encrypted their files and caused the supply chain to halt.
• Phishing attacks: Manufacturing companies are especially vulnerable to phishing attacks. Because of their typically long supply chain and interconnected companies, hackers will impersonate employees, especially in management, to send out phishing emails that appear to come from within an organization and infiltrate networks and systems.
• Ransomware: Operational Technology (OT) devices used in the manufacturing industry have multiple vulnerabilities and gaps in security for ransomware attacks. In manufacturing, time is money, which cybercriminals will exploit to achieve their financial goals.
• Internal Breaches: Did you know that 30% of cyberattacks come from employees or other personnel who have access to the company? While most attacks are for financial gain, many are simply from disgruntled employees using their existing knowledge or ability to access sensitive data to cause malicious disruption. Sometimes these breaches can even be a result of human error or poor employee training.

How can manufacturers protect themselves from cyber threats?

It’s crucial to understand cybersecurity to mitigate cyber threats to manufacturers. It is as simple as starting with the education of all employees and managers to be aware, vigilant, and serious. Ongoing effective communication is critical.

5 things manufacturers should do right now:

1. Ensure that all employees, at all levels, are educated about the dangers of cybercrime and how to recognize threats.
2. Introduce strong passwords and two-factor authentication and enforce these rules.
3. Ensure updates for relevant software are always applied immediately.
4. Educate and regularly remind all employees of the dangers of opening attachments from an unidentified source.
5. Implement an Information Security Management System such as ISO/IEC 27001. IMSM can discuss with you how ISO/IEC 27001 improves and validates your cyber security standards, making your operations safe, secure, and compliant.

Why is ISO/IEC 27001 important for the manufacturing industry?

According to ‘Industry Week,’ the top three manufacturing states in the US are California, Texas and Illinois. To understand why ISO/IEC 27001 is an essential tool for the manufacturing industry, we need to look at some statistics from 2019.

1. California: Output $324.43 billion, 1.22 million employees.
2. Texas: Output $230.45 billion, 908K employees.
3. Illinois: Output $108.43 billion, 592K employees.

Taking the figures from the top three manufacturing states, we see a total output of $663.31 billion, and the total number of employees are 2.72 million.

Earlier in the article, we mentioned that 30% of cyberattacks come from employees or personnel associated with companies. With over 8% of the US workforce employed within the manufacturing industry, this reason alone is a good place to start.

Manufacturing is a significant industry in the US. Its multi-billion-dollar output relies on extensive technical data and diagrams, CAD and design files, highly accurate software-driven machinery, and a comprehensive supply chain to keep everything operational. Cyberthreats can cause devastating disruption.

ISO/IEC 27001 is the ultimate benchmark for businesses to establish, implement, operate, monitor, review, maintain, and continually improve an Information Security Management System (ISMS).

It is time to take cyber threats and data security very seriously. Start today, speak to one of our experts.