Cyber threats to the manufacturing industry

The manufacturing industry plays a critical role in global supply chains and relies heavily on the IT systems in which it operates on, making it an attractive prospect to cybercriminals. Companies in this sector are particularly vulnerable because a loss of service could have catastrophic consequences, not just for the victim, but also other parties involved in the supply chain. As a result, a cyber attack can create significant financial, reputational and legal impact, therefore demands for a ransom are often successful.

IBM’s X-Force Threat Intelligence Index 2022 states that the manufacturing sector has become the world’s most attacked industry. The impact of a cyber attack on this industry was shown in March 2019 when production was halted at aluminium maker, Norsk Hydro, after they experienced a ransomware attack on their systems. The incident started from a phishing email, which was inserted into a genuine email thread with an attachment containing a virus. This virus sat on the system for days before it was detected by anti-virus software, but by then it was too late. The incident cost the company over £45 million and resulted in the entire workforce resorting to pen and paper until the systems were restored. Aside from the financial impact of the attack, there was also an issue of health and safety, as there were staff operating heavy machinery in the factory and a sudden failure in the system could have resulted in an injury, or worse. Fortunately for Norsk Hydro and their employees, this was not the case.

Ransomware is a type of malware (malicious software) which involves a malicious party encrypting a user’s files and threatening to release, delete or hold onto data unless they receive payment in exchange for the decryption key. In most cases, the criminal takes the payment without releasing the files. Ransomware has increased in popularity with cybercriminals in the last few years, not only because of the disruptive impact it has, but also because of the amount of companies that pay the ransom without the guarantee of getting their files back.

Phishing is a type of social engineering where a malicious party sends a message, often over email or SMS, designed to trick a person into revealing sensitive information or deploying malicious software onto the victim’s infrastructure. Phishing can take many forms but is most successful through enticing an individual to click on a link to a fraudulent website or tempting the victim to open an attachment which contains malware.

Cybercriminals continue to develop their tactics and now regularly deliver sophisticated ‘spear-phishing’ or ‘whaling’ campaigns to target business leaders and decision makers to maximise the impact. The most successful cybercriminals research their targets to create realistic communications that are more likely to dupe the receiver.

A DDoS attack involves a malicious party attempting to make an online service unavailable by overwhelming it with traffic from multiple, remote locations. Many systems in a manufacturing plant rely on online services, and a cybercriminal could deploy a DDoS attack on these systems to bring a halt to production, resulting in significant potential monetary losses. They have also been used in tandem with wider ransomware attacks, making the general public, or the company’s customers, aware that an attack is taking place and thus piling on more pressure for the ransom to be paid quickly.

Unfortunately, it is a matter of when, not if, your organisation will be subject to a cyber attack. Therefore, it is essential that your organisation has an incident response plan readily available for when this occurs, which has also been tested. Many organisations have plans in place but have not tested them in a scenario-based setting, so the plan may work on paper but not necessarily in reality when a situation occurs.

Performing regular backups of the systems that your organisation relies on for essential services can help restore functionality should you fall victim to a cyber attack without too much disruption. While it is possible that some data may still be lost, restoring your systems using the most recent backup will help prevent an entire loss of services.

The manufacturing industry is built on the effectiveness of its supply chain, from where each machine part, to each screw, is sourced. If a cyber incident occurs at one of the suppliers at any stage of the chain, this can cause significant disruption to production services. It is therefore essential than your organisation performs the appropriate due diligence on its suppliers to ensure that the cyber security controls they have in place are adequate. It is also essential that the supply chain is regularly reviewed as cybercrime is constantly evolving, meaning the controls your supplier has in place may be sufficient last year, but not necessarily this year.

No matter how strong your organisation’s technical defences are, they can be easily circumvented by human error. As mentioned in the Norsk Hydro example above, an employee opening an email containing an attachment with malware, or clicking on a link which takes them to a malicious website, can offer cybercriminals routes into your organisation. Ensuring that employees are properly educated in regards to their roles and responsibilities for the security of the company won’t entirely prevent human error, but it will go a long way to helping reduce the threat.

As we’ve identified, although a company will be heavily reliant on technology to build resilience against a cyber attack, cyber risk can’t be solely left to those in charge of technology to manage. Businesses leaders across all sectors are now building better understanding of the risks and how strong governance around policies, data and systems and the training of people all play critical parts in building stronger cyber resilience of the business and across its third-party suppliers.

ICAEW has a series of webinars on supply chain cyber security risks. More information can be accessed here:

• Supply chain cyber security series