The manufacturing industry is an attractive target for digital attackers. As noted by Manufacturing Global
, bad actors who infiltrate a manufacturing firm can steal intelligence on new products, processes and/or technology. They can then either sell this information to the victim organization’s competitors or, if they are state-sponsored, give the stolen data to their own country’s companies and thereby help them gain an edge in the global market.
Various research publications have confirmed criminals’ interest in manufacturing organizations. For instance, Verizon Enterprise’s “2018 Data Breach Investigations Report
” (DBIR) tracked 536 incidents, 73 of which involved data disclosure, that affected manufacturing companies. External actors were responsible for the vast majority (89 percent) of these incidents, with their motives almost evenly divided between financial (53 percent) and espionage (47 percent). Personal information was the most commonly affected data at 32 percent of security events followed by secrets and credentials at 30 percent and 24 percent, respectively.
These incidents have affected a large number of firms in the process. A 2016 report published by the Manufacturers Alliance for Productivity and Innovation
and Deloitte found that 39 percent of manufacturers suffered a data breach in the previous year. Similarly, the “2018 IBM X-Force Threat Intelligence Index
” found manufacturing to be the second-most targeted industry behind information & communications technology.
Not only that, but security events have also become costlier for manufacturing firms. Ponemon found in its “2018 Cost of a Data Breach Study
” that the cost of a data breach increased 6.4 percent over the previous year to $3.86 million. That’s the price tag for an average security incident. Major attacks like NotPetya have cost manufacturing firms much more than that
Given these rising data breach costs, manufacturing organizations have an incentive to shore up their digital defenses. But not all firms are on the same page. Many suffer from a lack of digital security that hinders their security strategies.
In their joint-study entitled “Cyber Security for Manufacturing
,” 41 percent of manufacturing companies admit that they do not believe they have access to enough information to properly assess their digital risk. Not much more than that (45 percent) say they don’t have the right tools for the job, while 12 percent reveal that they have no managerial or technical processes in place to even begin assessing their risk. The report also reveals that manufacturing organizations tend to focus on securing their OT environments at the expense of their IT assets.
Fortunately, manufacturers can fill these security gaps and adequately protect themselves using the following steps:
- Keep highly sensitive data separated from the rest of the network. Manufacturing companies can complement this policy with security controls that monitor if and when someone accesses the information.
- Secure digital supply networks. With the rise of the Internet of Things, many companies are now creating what’s known as a digital supply network to streamline their delivery of goods and materials across the supply chain. Suppliers tend to have various security standards for their connected devices and platforms. Manufacturing companies should take this variability into consideration when deciding what data to share with suppliers. They should also consider using compliance software to verify that a vendor’s security controls match up with their security policies.
- Use data loss prevention (DLP) tools. For example, companies can use encryption to prevent unauthorized actors from accessing sensitive data while it’s in transit.
- Make it easy for employees to report phishing attacks. Organizations need to empower employees to be the first line of defense. That being said, they also need to invest in an email solution that can help block suspicious emails in the first place, as some threats will always get through. Learn how ZixProtect takes email to the next level.