Aside from financial gain, hackers are also targeting the manufacturing sector for the intellectual property
Los Angeles, Calif. – Apr. 16, 2018
The healthcare industry has had a bullseye on its back for the past two years. The media has splashed headlines about antiquated systems, ransomware attacks and even Grey’s Anatomy dedicated an episode to a hacker taking over the hospital’s systems. It’s mainstream – we get it.
With this elevated attention has come improvement. More investment, more understanding, more process, more preparedness. So who is the next target?
In my opinion – it’s manufacturing. I’ll even go so far as to say Manufacturing is the New Healthcare in 2018.
In the manufacturing industry, where types of malware like Cryptolocker have done some real damage, we are now seeing organizations maturing their security programs and making serious investments in order to keep up with ever changing exploits. But this isn’t enough.
According to a recent Cisco survey, 40 percent of the manufacturing security professionals said they do not have a formal security strategy. What’s more – 37 percent of manufacturers say they have no incident response plan in place!
Consider the sheer number of machines operating in any manufacturing plant. From robotic arms to computers connecting entire networks together, manufacturing plants are a hotbed for connected things.
A recent article in the CIO Journal, published by The Wall Street Journal, stated “Almost any connected device, whether on the shop floor in an automated system or remotely located at a third-party contract manufacturer, should be considered a risk.” And yet, far too many manufacturers have neglected to perform cyber risk assessments of the industrial control systems operating on their factory floors.
We can all understand how this industry has also become increasingly attractive to hackers. Aside from financial gain, hackers are also targeting the manufacturing sector for the intellectual property. So why aren’t we ahead of the curve here? Consider the following:
- 21 percent of manufacturers have suffered a loss of intellectual property from cyberattacks. Theft of intellectual property tops the list of cyber threats to manufacturers.
- Manufacturing executives indicate that four of the top ten cyberthreats facing their organizations are directly attributable to internal employees.
- 28 percent of manufacturing organizations reported a loss of revenue due to cyberattack(s) last year.
- 95 percent of manufacturing security professionals responding to a survey said cybersecurity breaches have driven improvements at their companies.
These numbers paint a very clear picture – manufacturing is the new healthcare in 2018
Now – how did we get to this point?
Like healthcare, the manufacturing industry is focused on both innovation and efficiency. It’s still a relatively new concept to put security top of mind and it can be difficult to grasp the scope of the risk – both reputationally and financially from a cyber breach. Going back and updating policy, enhancing technology and redesigning process is very cumbersome and slow in some of these large manufacturing environments – plus many would be impacted on a global scale. Change like this requires top – down support. It’s imperative that executives across these organizations take a leadership position in advancing their cybersecurity postures.
“Manufacturers are still under-invested in cyber defense” says Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures. “They’re where healthcare organizations were five years ago. Hopefully they won’t be hacked into spending to beef up their security the way hospitals have. It’s way more stressful reacting to a data breach in the headlines than to plan ahead.”
The pressure is on. It’s time to ask yourself:
- Have we developed a cyber risk management program internally? Are we having conversations about how we identify emerging risks, where responsibility lies for developing cyber policy and maintaining security roadmaps? Are we mapping the outcomes of those discussions back to our risk profile?
- Are the basic cyber hygiene elements in check? When is the last time we performed a security assessment or patched our systems? Do we have a regular cadence of reviews and audits?
- What is our level of visibility and detection? Are we logging key assets to a Security Incident and Event Management system (SIEM) and are we alerted when unusual activity occurs?
- Do we have an incident response plan in place? Have we fully vetted our crown jewels and are we clear on who the key contacts are that would participate in the various phases of an incident being escalated? Are we prepared for an emergency?
- Have we educated our team? Despite all of the connected technology at play in a manufacturing environment, people are still the weakest link. Do we have a cybersecurity awareness program in place? When is the last time we trained our team or performed a social engineering test to measure the effectiveness of that training?
- What does good look like amongst our industry peers and what can we learn in terms of emerging threats, new technology or best practices that will help us advance our security postures?
By now, we can all agree that cyberattacks are on the rise in this space. Ensuring you have visibility across the scope of your environment and that you’re monitoring it 24×7 whether with your own team, or a Managed Services Provider is key.
You’ve got to make cybersecurity a priority as you develop policies and design processes going forward. Your team needs to be aware when anomalous activity occurs. It’s not enough to focus on innovation & efficiency, security is a pillar of every business today.
We’re focused on manufacturing but think about your reaction to the recommendations here had I inserted retail, legal services, or education into the title. Would you have been surprised?
So what comes next? Start asking questions. Take a leadership position in your own environment and peel back the onion to move your practice forward. The Time Is Now.
To Your Success,
Originally posted on cybersecurityceo.com