The manufacturing industry currently stands as one of the most attractive targets for cyber attackers. Often dubbed the backbone of global economies, manufacturers play a pivotal role in the production of essential goods and services. This significance makes the industry an alluring target for cybercriminals seeking financial gain or nation-state threat actors conducting industrial espionage.
As manufacturing becomes increasingly digitized with the adoption of smart technologies like IoT, analytics, and AI-driven automation, the attack surface for cyber threats has expanded. Ongoing digital transformations in this sector have paved new opportunities for attackers to infiltrate systems and wreak havoc.
Modern cyber threats in this critical sector are multifaceted. Extortion and ransomware attacks have surged in recent years, disrupting industrial control systems (ICS) and leading to significant financial losses and, in some cases, plant shutdowns. The theft of intellectual property, trade secrets, and proprietary information also remains a steady cause for concern and poses a direct threat to global manufacturers as holders of sensitive data.
This post examines the reasons why threat actors continue to be drawn to the manufacturing industry, the specific risks associated with this sector, and what manufacturing leaders can do to safeguard their operations from future attacks.
Digital Evolution in Manufacturing | Navigating Benefits and Cybersecurity Challenges
Manufacturing is evolving rapidly due to data connectivity, analytics, and automation. This leap from previous computerized methods incorporates smart technologies, Internet of Things (IoT), cloud computing, artificial intelligence, and big data analytics.
Interconnectedness is pivotal in this transformation. Human-machine interactions and real-time system communications are central to the optimization of production. However, this connectivity introduces significant cybersecurity challenges.
While innovations enhance manufacturing efficiency, they also usher in vulnerabilities. Increased reliance on networked devices magnifies the potential for breaches, with threats ranging from system disruptions to data theft.
Security professionals must balance the benefits of cutting-edge technologies with robust protection against intricate cyber threats. Key cybersecurity areas include:
- Interconnectivity – Linking devices and systems facilitates data sharing but demands stringent protection against unauthorized access to prevent data breaches.
- Data Transparency & Analysis – Gathering and evaluating extensive data sets necessitates stringent measures like encryption to safeguard data integrity.
- Smart Factories – Manufacturing plants using AI to create self-monitoring and self-optimizing production environments require defense against cyber threats that could disrupt operations or compromise quality control.
- Customization & Flexibility – Cybersecurity measures are needed to ensure that systems designed for mass customization and flexible production remain resilient in the face of evolving cyber threats, maintaining the integrity of custom products and production processes.
- Real-Time Monitoring & Control – Constant monitoring and threat detection are critical as any cybersecurity breaches or attacks can have immediate and severe consequences.
- Global Supply Chain Integration – Managing cybersecurity in interconnected global supply chains requires collaboration with diverse stakeholders including international partners, third-party vendors, and customers to ensure a unified front against cyber threats and data breaches.
- Human-Machine Collaboration – As workers engage with advanced systems, it is increasingly important that they are trained to recognize, avoid and respond appropriately to potential security risks.
Examining the Rise of Attacks on the Manufacturing Sector
Over the years, cyberattacks on the manufacturing industry have evolved into highly sophisticated and widespread threats. Initially driven by opportunistic threat actors, these attacks have transformed into targeted and well-orchestrated campaigns. Malicious actors now leverage advanced techniques, including extortion with or without ransomware, supply chain compromise, and unpatched vulnerabilities. These attacks not only aim to disrupt operations but also steal valuable intellectual property and sensitive data.
The following brief timeline of cyberattacks on global manufacturers shows threat actors’ unrelenting interest in this critical sector:
- Norsk Hydro (2019) – Norsk Hydro, one of the world’s largest aluminum producers, fell victim to a cyberattack via LockerGoga ransomware. This targeted attack disrupted the company’s global operations, forcing a shutdown of several plants and affecting both production and distribution. LockerGoga had encrypted vital data, demanding a ransom for decryption keys. Security researchers believe that the attackers initiated their campaign by using legitimate user credentials either previously stolen or bought off the dark web.
- JBS (2021) – The multinational meat processing company became the victim of a high-profile cyberattack orchestrated by the REvil ransomware group. This attack disrupted JBS’s global operations, impacting meat production and supply chains across several countries for nearly a week. REvil demanded a substantial ransom of $11 million for data decryption and the prevention of sensitive information leaks.
- Toyota Motor (2022) – The automotive giant was hit with a supply chain cyberattack that had targeted Kojima Industries, Toyota’s plastic and electronics parts supplier. As a result, 14 domestic production lines were halted, affecting approximately 13,000 vehicles and taking almost $375 million off the company’s bottom line. Kojima reportedly took several months after the initial attack to return to pre-attack routines.
- MKS Instruments (Feb, 2023) – The semiconductor chip maker reduced its estimates for the first quarter of 2023 by $200 million as a result of a ransomware attack. The company is also facing legal action related to the loss of PII.
- Dole (Feb, 2023) – In the same month, food giant Dole was forced to shut down production plants after a ransomware attack, resulting in $10 million of direct costs.
- Brunswick Corporation (June, 2023) – Marine industry manufacturer Brunswick was forced to halt operations at some of its plants after a cyberattack that has so far resulted in at least $85 million in losses.
What Cyber Threats Are Faced by Manufacturers?
Manufacturers are at the forefront of driving significant innovation in product development, manufacturing processes, and their relationships within the industrial ecosystem to remain competitive in the global market. They employ a wide array of technologies, such as complex global networks, various back-office business applications, and several generations of industrial control systems (ICS) that oversee high-risk manufacturing procedures and a diverse range of technologies. As a result, the manufacturing industry has seen stark changes in the breadth and complexity of cyber risks.
Attacks on Industrial Control Systems (ICS)
Manufacturers rely on industrial control systems (ICS), also referred to as automation systems, as essential digital tools supporting production output. These systems are critical to energy and labor cost efficiency, and they help manufacturers meet environmental requirements. Since ICS reduce the need for constant human oversight, their automated nature presents opportunities for substantial cybersecurity risk. Where efficiency is enhanced, vulnerabilities are also created. Threat actors can infiltrate ICS with the purpose of jeopardizing human safety and causing widespread disruptions.
Unauthorized individuals gaining access to ICS can manipulate or disrupt manufacturing processes, potentially causing damage to equipment or product quality. Attackers may also discover and exploit unpatched (N-day) flaws or previously unknown vulnerabilities (Zero-days) to compromise ICS.
Social Engineering & Phishing
Social engineering attacks such as business email compromise (BEC) often target manufacturing employees with administrative access to sensitive data. If successful, attackers can gain unauthorized access to core systems, accessing intellectual property (IP), trade secrets, and even private customer data. Phishing attacks can also deliver malware that disrupts manufacturing operations, causing extended downtime and both short and long-term financial losses. Attackers may also manipulate systems, affecting product quality and safety, which in turn leads to brand damage and loss of new business opportunities.
Theft of Intellectual Property (IP)
A manufacturer’s intellectual property (IP) is perhaps its most valuable asset, and its compromise can have serious consequences. IP theft ranks among the most financially burdensome cyber threats. It can be perpetrated by external attackers seeking to steal trade secrets as well as by malicious insiders aiming to profit by selling any confidential information they get their hands on.
Extortion and Ransomware
Manufacturing firms face ever-growing risks from threat actors using extortion tactics such as ransomware and data theft, with the average cost of data breaches in this sector totaling $4.73 million USD in 2023, up from $4.47 million the year before. In 2022, manufacturers held the highest share of cyberattacks compared to other critical industries worldwide at almost 25% of total cyber attacks recorded.
These attacks particularly impact the manufacturing industry due to its acute time sensitivity. In the manufacturing world, time equates to revenue, and companies are under intense pressure to pay a ransom to avoid the immediate losses incurred from production delays. However, paying guarantees neither that stolen data will not be leaked or quietly sold nor that the victim will avoid longer-term financial or reputational harm. An ever-growing list of sanctions against ransomware operators means payment itself may incur federal penalties.
Moreover, the costs of such attacks extend beyond the initial disruption and the ransom itself. Significant costs can accrue from legal actions taken by regulators, clients and employees, particularly when the data breach contains sensitive or personally identifying information. There are also significant costs associated with efforts to investigate the incident, recover systems and beef up security after the fact, meaning that prevention is the most cost-effective cure for such attacks.
Supply Chain Attacks
Supply chain attacks involve cybercriminals targeting a company’s associates or suppliers, typically achieved through phishing or compromising these third parties’ networks. Once access is gained, attackers can proceed to infiltrate the manufacturer’s network, with intentions ranging from data theft and malware deployment to disrupting the supply chain sufficiently to stop production.
The manufacturing sector is particularly susceptible to such attacks due to the numerous vulnerable endpoints distributed among a vast network of interconnected suppliers. This diversity provides actors with multiple entry points to infiltrate a network and launch subsequent attacks on the manufacturer. Considering the fact that each link in the supply chain often relies on others, an attack on a single supplier can quickly affect many others within the chain.
Cyber threats against manufacturing companies aren’t solely the work of financially-motivated cybercriminals; they can also arise from foreign competitors and nation-state threat actors.
Recent data indicates that 17.7% of nation-state attacks have been directed at the manufacturing sector. These actors typically have significant resources and use advanced tools to perform attacks that can be difficult to identify and counter. Such threats may impact critical infrastructures or compromise military contractors. This emphasizes the importance of effective cybersecurity measures in the manufacturing sector.
Manufacturers are increasingly at risk of attacks as they embrace approaches like Industry 4.0 and related technologies, particularly IoT ‘Smart’ devices. Threat actors can exploit these connected devices to infiltrate networks, potentially compromising sensitive data and exposing both proprietary information and customer data.
Many IoT devices lack robust security features, making them easy targets for cybercriminals. Once compromised, Smart devices can serve as entry points to the broader manufacturing network. Attackers can also seek to manipulate IoT-controlled machinery, causing production delays, equipment damage, or even safety hazards.
Regulators Have Taken Notice | It’s Time for Action
Federal and state-level governments are taking action to protect this critical sector, tackling the industry’s fragmented approach to cyber management. Specific sectors such as water, transportation, and pipelines are all required to adhere to federal cybersecurity regulations. Internationally, IEC 62443 is recognized as the primary cybersecurity standard for industrial control systems.
Proposed legislation like the European Union’s Cyber Resilience Act aims to standardize cybersecurity requirements for products throughout their lifecycle. Meanwhile, regulations such as NIS 2 and Critical Entities Resilience (CER) directives classify select manufacturing sectors as vital entities, mandating heightened security measures.
How Singularity™ XDR Defends the Manufacturing Supply Chain
SentinelOne protects manufacturing enterprises through a single, AI-powered XDR solution that extends robust coverage from endpoints and users to cloud workloads, IoT devices, and more. Singularity™ XDR focuses on delivering maximum visibility across entire systems so as to detect and respond to the very first signs of intrusion.
Global leaders in the manufacturing industry trust Singularity™ XDR, which allows them to focus on guaranteeing uptime and providing greater ROI, reducing threats and making the most of their operational efficiencies. Key features of SentinelOne’s Singularity™ XDR defending modern manufacturing organizations include:
- Endpoint Protection – Secure endpoints with advanced machine learning algorithms that detect and block malicious activities in real-time.
- User Behavior Analytics – Analyze user behavior patterns to identify potential account takeover attempts and take immediate action to prevent unauthorized access.
- Cloud Workload Security – Protect your cloud infrastructure with automated CWPP enforcement, real-time monitoring, and threat detection, ensuring a secure environment for user accounts and sensitive data.
- Integration with Existing Security Infrastructure – SentinelOne Singularity™ XDR seamlessly integrates with the existing security stack, enhancing the organization’s overall defense against cyber threats.
Rapid digital transformation in the manufacturing sector has accelerated growth but also exposed organizations to sophisticated cyber threats. Spanning essential branches including consumer goods, automotive, electronics, pharmaceuticals, and more, cyberattacks on manufacturers can trigger costly repercussions across global networks.
Though world governments are stepping up security investments in response to mounting cyber threats, manufacturers can augment their cybersecurity posture by investing in AI-powered detection and response capabilities that provide network-wide visibility and control.