I nformation security is a top priority for manufacturers . No matter the size or scope , every company has critical data which could be at risk . We live in a new era of technology and the threats to your business are unlike any you ’ ve seen before .
“ Cyber criminals don ’ t attack just because there ’ s a vulnerability , they attack because they see an opportunity to monetize that vulnerability ,” says Rebecca Taylor , senior vice president of the National Center for Manufacturing Sciences ( NCMS ). “ They are financially motivated and therefore more likely to go after businesses where potentially valuable intellectual property or sensitive information exists . Manufacturing fits the bill .”
Manufacturing may do more than just fit the bill for a cyber criminal ’ s potential victim — the industry is becoming the primary target for cyber attacks . As recently as 2015 , one-third of all infrastructure cyber attacks occurred in manufacturing — more than double that of the energy sector ; the next most-targeted sector . 1
“ Whether it is your own intellectual property , customer or supplier data , or the threat of a ransomware attack , every company is at risk ,” Taylor states . “ In addition , your business might not be true target of the attack , but just a means to an end . They could be using you to get to your customers , your suppliers or even people who visit your website .”
Most hackers attack manufacturing in one of three ways , affecting either :
• Confidentiality — the theft of technical data and intellectual property
• Integrity — the alteration of data , processes and products
• Availability — the impairment or denial of process control , leading to reduced production or total shutdown
“ Regardless of if you are the focus of the attack or not , you are still at risk for financial , reputation or business continuity harm ,” Taylor reminds business owners .
Manufacturing : A Cyber Criminal ’ s Top Target
McAfee ’ s 2012 Threat Predictions identified manufacturers as a leader in cyber security vulnerability , noting that “[ attackers ] tend to go after systems that
“ can be successfully compromised , and [ industrial control systems ] have shown themselves to be a target-rich environment .”
Industrial control systems ( ICS ), industrial automation and process control systems are parts of what is known as operational technology ( OT ). OT is an essential aspect of manufacturing , but more vulnerable to cyber attacks than information technology ( IT ) has become , despite both having similarly valuable data . According to NCMS :
• Information Technology ( IT ) focuses on the business , software , operations and enterprise information systems required to operate and support a business . IT systems include Enterprise Resource Planning ( ERP ) systems or Customer Relationship Management ( CRM ) applications .
• Operational Technology ( OT ) concentrates on the plant , processes and equipment required to perform the actual production operations . Examples of OT elements include Manufacturing Execution Systems ( MES ), Supervisory Control and Data Acquisition ( SCADA ), meters , valves , sensors and motors , etc .
“ In manufacturing , there has been an effort made toward IT / OT convergence as systems are integrated and connected to the Internet ,” suggests Taylor . “ Even so , the OT side is often less secure because the production equipment was never designed to be secure , so a different set of approaches to cyber security must be employed .”
The rate of cyber attacks continues to increase and the importance of reliable cyber security is more important than ever . In 2016 , 92 percent of manufacturers cited cyber security concerns in their SEC disclosures , according to a report from BDO USA , a Midwest-based global accounting , tax and consulting firm . Despite this , many manufacturers are ill-equipped to handle the threat . Smaller manufacturers — those with fewer resources , less expertise and fewer people who face more wide-ranging responsibilities — are especially challenged to combat potential breaches in security .
March 2017 MiMfg Magazine 15
Every manufacturer has something valuable that someone wants . It isn ’ t a matter of if ,
”
but when , a cyber attack will occur .
— Rebecca Taylor , senior vice president , National Center for Manufacturing Sciences
“ Nearly two-thirds of cyber attacks , 71 percent , target small business . This is in part due to less sophisticated protection mechanisms and smaller budgets but , more importantly , it is due to how today ’ s cyber criminals operate ,” says Mike Maddox , president and CEO of ASK , a world class provider of IT hardware , software and service solutions . “ Cyber crime is organized and run by large criminal enterprises with deep pockets of stolen money . Unlike traditional criminals who must target one location at a time , cyber crime allows thieves to be everywhere at once .”
A large manufacturer may be the more attractive individual target but the sheer number of small manufacturers , coupled with the hacker ’ s ability to be in multiple places at once , leads to more targeted small and mid-sized manufacturers .
Lack of Cyber Security Will Cost You Millions
By 2020 , there will be twice as many devices connected to the Internet as there are people on the planet . Imagine 15 billion pieces of technology and each one capable of interacting with other devices without human interference and often without our knowledge . Manufacturers must understand the growing severity of this threat and ways they can protect their company , their people and their intellectual property .
A 2015 study calculated that a breach costs the average American business $ 15.4 million per year — double the global average . 2 Beyond the staggering cost , manufacturers face other consequences from an attack , including :
• Reduced competitiveness due to stolen data which can aid a competitor or hinder the hacked company from competing
• Broken trust as leaked data can irreparably hurt a company ’ s reputation