Potential Threats to Digital Security in the Production Sector
The manufacturing industry is facing a growing cybersecurity crisis, with ransomware attacks, supply chain hacks, phishing scams, and other forms of cybercrime posing significant threats.
Recent incidents highlight the severity of the issue. Applied Materials, a major semiconductor materials provider, suffered a supply chain hack that cost the company $250 million in lost revenue. The Clorox company also disclosed two data breaches in 2023, leading to an "elevated level of consumer product availability issues" and causing hundreds of millions of dollars in lost revenue due to productivity delays.
Ransomware accounts for nearly half (47%) of all manufacturing breaches, making it the most dominant threat. The industry's low tolerance for downtime makes ransomware especially damaging due to costly operational disruptions. Toyota, for instance, reduced its global output by one-third in 2022 after discovering malware and a threatening message on one of its servers, which was linked to a compromised supplier.
Supply chain attacks are another major concern. These attacks leverage interconnected vendor relationships to infiltrate networks, often causing widespread organizational disruption. Brunswick Corporation, for example, suffered a hack that forced it to halt production, resulting in losses of $85 million, but few other public details of the hack exist.
Phishing and social engineering remain prevalent, with around 85% of businesses experiencing phishing scams that lead to credential theft and fraudulent transactions. Human error and manipulation are major vulnerabilities in manufacturing cybersecurity.
Legacy systems lacking modern security features increase susceptibility to attacks. However, replacing or upgrading these systems without disrupting operations is challenging.
AI-enabled cybercrime is emerging, with malicious use of AI (e.g., deepfake scams, AI malware) creating sophisticated attacks.
To mitigate these risks, manufacturers should segment OT (Operational Technology) and IT networks, implement continuous 24/7 monitoring and AI-driven threat detection, perform regular patch management during planned maintenance windows, maintain secure, accessible backups and robust disaster recovery plans, enforce access controls and multi-factor authentication, invest in employee cybersecurity awareness training, and adopt governance frameworks and risk management approaches that address the unique convergence of IT, OT, and industrial IoT technologies in manufacturing.
Manufacturing companies might lack the necessary in-house expertise to properly structure their cybersecurity setup or address potential vulnerabilities, making them even more susceptible. Bringing on a managed security service can provide the expertise needed to quickly get an effective cybersecurity solution up and running.
In 2023, the manufacturing and utilities sectors experienced 302 data breaches, causing $14.5 billion in financial losses. The manufacturing sector has been the target of the highest percentage of cyberattacks for three consecutive years. Simpson Manufacturing and JBS are among the companies that have been hit by hacks but have not shared detailed information about the nature of the attacks.
Cybersecurity is challenging enough in non-manufacturing contexts, but it becomes additionally complex when dealing with so many legacy systems. Investing in robust cybersecurity is no longer a choice but a vital necessity for the manufacturing sector. By combining technical controls, user education, and strategic governance, manufacturing companies can strengthen their cybersecurity posture against these common and increasingly sophisticated threats.
Reaching out to a managed security provider for a discovery call can provide valuable insights into improving a manufacturing company's cyber-resilience. It's crucial to address these issues proactively to protect the industry from further financial losses and operational disruptions.
In the realm of sports, understanding threat intelligence can help teams anticipate potential cyber threats, such as social engineering attacks or targeted phishing scams, that could compromise their digital assets, staff, or fans' sensitive information.
Concurrently, the AI-driven evolution of cybercrime necessitates that sports organizations invest in robust cybersecurity measures, emulating the strategies employed by manufacturing sectors, to protect against advanced AI malware and deepfake scams that can cripple operations and exploit fans, alike.
