The focus on uptime over security leaves manufacturers vulnerable to ransomware and other cybercrimes.

Rob Spiegel

May 30, 2023

3 Min Read
cybersecurity
Peach_iStock / Getty Images Plus via Getty Images

The FBI recently issued its annual Internet Crime Report documenting the top cyber complaints from the past year. Manufacturing ranked second among critical infrastructure sectors most commonly victimized by ransomware attacks.

Recently, Deloitte also noted the increase in cybercrime against manufacturers in its Global Cyber Executive Briefing. The report details that manufacturers are increasingly targeted not just by traditional malicious actors such as hackers and cyber-criminals, but also by competing companies and nations engaged in corporate espionage. Motivations vary from seeking money to attempts to gain competitive advantage and strategic disruption.

In the Deloitte report, analysts explained that many existing manufacturing systems were developed at a time when security was much less of an issue. “The focus of manufacturing technology has traditionally been on performance and safety, not security,” analysts said in the report. “This has led to major security gaps in production systems,”

This video hones in on the particular cybersecurity threats facing manufacturers:

 

Cybersecurity threats are nothing new to manufacturing. JP Perez-Etchegoyen, CTO of Onapsis, noted that the latest figures on cybercrime against manufacturers reemphasize the need for manufacturers to strengthen their ransomware detection and mitigation. Perez-Etchegoyen explained that among the attacks reported to the FBI’s Crime Complaint Center, ransomware was responsible for more than $34 million in losses last year.

We caught up with Perez-Etchegoyen to look further into the cyber vulnerabilities that manufacturers face.

Design News: Why manufacturers? Are they particularly vulnerable?

Perez-Etchegoyen: The diversity of the environments that are typically deployed across the organizations within the manufacturing industry leads to significant security gaps that are exploited by ransomware gangs. We are talking about corporate networks with traditional protections, as well as manufacturing plants and industrial locations with widespread OT networks that may have very diverse levels of security across the board.

DN: Is it because they are quick to pay off the ransom to avoid downtime?

Perez-Etchegoyen: Downtime does become critical in the manufacturing world. Revenue is dependent on being able to operate the plants and ransomware tends to be very destructive, causing significant downtime that translates into significant losses for organizations. That is why, in many cases, manufacturing organizations prefer to pay the ransom in an attempt to restore operations with the lowest possible downtime.

DN: Does it have to do with the conflict between IT and OT priorities?

Perez-Etchegoyen: That definitely contributes. The levels of investment and security protections that organizations deploy on IT networks are way more advanced than whatever is ultimately deployed across the OT networks. The devices connected to OT networks are not managed with security as a priority, but with availability as a driver for productivity, generating a conflict when there are required downtime windows to perform improvements or apply security patches.

DN: What are some of the solutions?

Perez-Etchegoyen: We could try to bring a sophisticated plan into life but the reality is that the solution starts with basic hygiene. That means applying security patches across the board, managing security configurations, and implementing the principle of assigning the least privilege. If we think about the 80-20 rule (20% of the work generating 80% of the outcomes), those three security measures would probably get you pretty close to that 80% threshold.

About the Author(s)

Rob Spiegel

Rob Spiegel serves as a senior editor for Design News. He started with Design News in 2002 as a freelancer and hired on full-time in 2011. He covers automation, manufacturing, 3D printing, robotics, AI, and more.

Prior to Design News, he worked as a senior editor for Electronic News and Ecommerce Business. He has contributed to a wide range of industrial technology publications, including Automation World, Supply Chain Management Review, and Logistics Management. He is the author of six books.

Before covering technology, Rob spent 10 years as publisher and owner of Chile Pepper Magazine, a national consumer food publication.

As well as writing for Design News, Rob also participates in IME shows, webinars, and ebooks.

Sign up for the Design News Daily newsletter.

You May Also Like