Why Are Manufacturers So Prone to Cyber Attacks?

The focus on uptime over security leaves manufacturers vulnerable to ransomware and other cybercrimes.

Rob Spiegel

May 30, 2023

3 Min Read
cybersecurity
Peach_iStock / Getty Images Plus via Getty Images

The FBI recently issued its annual Internet Crime Report documenting the top cyber complaints from the past year. Manufacturing ranked second among critical infrastructure sectors most commonly victimized by ransomware attacks.

Recently, Deloitte also noted the increase in cybercrime against manufacturers in its Global Cyber Executive Briefing. The report details that manufacturers are increasingly targeted not just by traditional malicious actors such as hackers and cyber-criminals, but also by competing companies and nations engaged in corporate espionage. Motivations vary from seeking money to attempts to gain competitive advantage and strategic disruption.

In the Deloitte report, analysts explained that many existing manufacturing systems were developed at a time when security was much less of an issue. “The focus of manufacturing technology has traditionally been on performance and safety, not security,” analysts said in the report. “This has led to major security gaps in production systems,”

This video hones in on the particular cybersecurity threats facing manufacturers:

 

Cybersecurity threats are nothing new to manufacturing. JP Perez-Etchegoyen, CTO of Onapsis, noted that the latest figures on cybercrime against manufacturers reemphasize the need for manufacturers to strengthen their ransomware detection and mitigation. Perez-Etchegoyen explained that among the attacks reported to the FBI’s Crime Complaint Center, ransomware was responsible for more than $34 million in losses last year.

We caught up with Perez-Etchegoyen to look further into the cyber vulnerabilities that manufacturers face.

Design News: Why manufacturers? Are they particularly vulnerable?

Perez-Etchegoyen: The diversity of the environments that are typically deployed across the organizations within the manufacturing industry leads to significant security gaps that are exploited by ransomware gangs. We are talking about corporate networks with traditional protections, as well as manufacturing plants and industrial locations with widespread OT networks that may have very diverse levels of security across the board.

DN: Is it because they are quick to pay off the ransom to avoid downtime?

Perez-Etchegoyen: Downtime does become critical in the manufacturing world. Revenue is dependent on being able to operate the plants and ransomware tends to be very destructive, causing significant downtime that translates into significant losses for organizations. That is why, in many cases, manufacturing organizations prefer to pay the ransom in an attempt to restore operations with the lowest possible downtime.

DN: Does it have to do with the conflict between IT and OT priorities?

Perez-Etchegoyen: That definitely contributes. The levels of investment and security protections that organizations deploy on IT networks are way more advanced than whatever is ultimately deployed across the OT networks. The devices connected to OT networks are not managed with security as a priority, but with availability as a driver for productivity, generating a conflict when there are required downtime windows to perform improvements or apply security patches.

DN: What are some of the solutions?

Perez-Etchegoyen: We could try to bring a sophisticated plan into life but the reality is that the solution starts with basic hygiene. That means applying security patches across the board, managing security configurations, and implementing the principle of assigning the least privilege. If we think about the 80-20 rule (20% of the work generating 80% of the outcomes), those three security measures would probably get you pretty close to that 80% threshold.

About the Author

Rob Spiegel

Rob Spiegel serves as a senior editor for Design News. He started with Design News in 2002 as a freelancer covering sustainability issues, including the transistion in electronic components to RoHS compliance. Rob was hired by Design News as senior editor in 2011 to cover automation, manufacturing, 3D printing, robotics, AI, and more.

Prior to his work with Design News, Rob worked as a senior editor for Electronic News and Ecommerce Business. He served as contributing editolr to Automation World for eight years, and he has contributed to Supply Chain Management Review, Logistics Management, Ecommerce Times, and many other trade publications. He is the author of six books on small business and internet commerce, inclluding Net Strategy: Charting the Digital Course for Your Company's Growth.

He has been published in magazines that range from Rolling Stone to True Confessions.

Rob has won a number of awards for his technolloghy coverage, including a Maggy Award for a Design News article on the Jeep Cherokee hacking, and a Launch Team award for Ecommerce Business. Rob has also won awards for his leadership postions in the American Marketing Association and SouthWest Writers.

Before covering technology, Rob spent 10 years as publisher and owner of Chile Pepper Magazine, a national consumer food publication. He has published hundreds of poems and scores of short stories in national publications.

Sign up for Design News newsletters

You May Also Like