Rory Duncan, security go-to-market leader, NTT asks if manufacturing more exposed than ever to a cyberattack?
Cyberattacks on manufacturing organisations are increasing. But as the technology driving many industrial processes and systems continues to progress, the awareness and action around cybersecurity has lagged. We are also seeing a generation of cyber criminals that are innovating faster, investing heavily in the automation of attacks, and using advanced capabilities that use artificial intelligence and machine learning – certainly faster than organisations can keep up.
According to 2020 Global Threat Intelligence Report (GTIR) published today by NTT, attacks against the manufacturing sector remain a clear and present threat to around the world. In the UK & Ireland, manufacturing is now the most attacked sector, representing 29 per cent of all attacks in this market.
While the figures are cause for concern, we have seen this coming for some time now. Manufacturing and industrial plants, including power stations, utilities and others that are part of our critical national infrastructure, have been under attack for years. Cyberattacks on power grids in the Ukraine led to blackouts in 2015 and 2016 and further back in 2010 we witnessed the Stuxnet attack against Iran’s nuclear processing facility. These are just the high-profile cases; everyday organisations like this are fighting off continuous threats.
Manufacturers have always been highly attractive targets for cyber criminals and nation states because of the valuable data they keep about systems, processes, supply chains, and highly sensitive IP around design and specification. In the wrong hands such information could be devastating for any business – but especially so for those where innovation is a key differentiator in a competitive market, such as automotive, pharmaceuticals or technology.
The sector faces growing attacks on its global supply chains, as well as the exploitation of unpatched systems that are often several years old. The Conficker worm was the single most commonly detected variant of malware (11 per cent of all detections) in manufacturing suggesting these organisations have outdated or unpatched systems and weak passwords, leaving them vulnerable to infection via other malware variants.
Reconnaissance attacks were the most common form of attack aimed at manufacturing organisations, helping attackers to determine where to focus web application and application-specific attacks for maximum effectiveness.
Convergence of OT and IT
Manufacturing today is highly automated and increasingly dependent on interconnected systems with the convergence between operational technology (OT) and IT. Because security has lagged, potentially exposing systems and processes to attack, these new connected technologies are under threat. Poor OT security is a legacy issue. Many manufacturing systems were designed with efficiency, throughput, health and safety and compliance in mind rather than security.
In the past, OT has relied on a form of ‘security through obscurity’. The protocols and interfaces in these systems were often complex and proprietary, and security was not seen as a priority as there was no real perceived cyber threat. As a result, it was difficult for attackers to mount a successful attack. But as more and more systems come online, and attackers innovate and automate their attacks, organisations can no longer hide.
With this greater convergence between IT and OT, there is the risk that organisations will fail to fully understand how exposed they are and the scale of the attack surface, particularly when it comes to other systems and networks that they are connected to, including the supply chain. If this happens, we could see a further increase in attacks on manufacturing to make it the number one target sector globally and not just in the UK.
The Covid-19 effect
The current global pandemic has shown us that cyber criminals will take advantage of any situation. We are now seeing increased numbers of phishing and ransomware attacks and we expect this to get worse before it gets better. Manufacturing organisations will need to be even more vigilant in this age of unknowns.
Supply chain issues are impacting the sector as factories and plants scale back or halt operations, or even close to keep workers safe. Yet manufacturers must continue to provide materials and to keep food in supermarkets and essential supplies coming in. For others, their ability to quickly convert operations to create much needed personal protective equipment, ventilators or to manufacture hand sanitisers has been critical.
Whether it is increased demand for goods, disruption to operations or the need to pivot in a crisis, manufacturers must continue to make security is critical to their operations. Being cyber-resilient and secure-by-design ensures security is embedded into the fabric of the business and they are ready to respond to anything in an evolving threat landscape.
