Merck, a key player in the pharmaceutical industry, took a significant hit to its manufacturing operations when ransomware infected employee devices across the globe. Not only did this do vast damage to its logistics, but it ended up costing the pharma giant more than $275m.
As the manufacturing industry leans heavily on legacy technology, it’s unknowingly leaving itself vulnerable to cyber risk, thanks to gaping security holes and years of prioritizing efficiency over security. As the magnitude and rate of these attacks increase, the manufacturing industry will continue to grow in notoriety as an easy target with outdated security practices.
Unless manufacturers act quickly, the next attack may be right around the corner.
A Fatal Combination
The elaborate networks that manufacturers utilize are often extremely specialized, creating a very large attack surface that is nearly impossible to manage with outdated security practices. Just one data breach can cripple an entire organization by leaking sensitive information ranging from customer data to intellectual property and beyond.
However, information theft is just one threat that manufacturers face. Not only is valuable data at risk, but hackers can attack the physical infrastructure. Once infected, servers can cause machinery to malfunction or overheat, permanently damaging operating sites. These attacks can have lasting effects on productivity as well as the bottom line. Just last year there was $1.3 million lost for every data breach, with 28 percent of manufacturers reporting an average 14 percent of lost revenue due to attacks.
The juxtaposition of legacy equipment paired with modern technology is one of the biggest challenges in manufacturing cybersecurity. For example, packaging lines and Internet of Things (IoT) devices don’t always work with legacy firewalls and other software. Even worse, botnets can launch distributed denial-of-service (DDoS) attacks on sophisticated systems, crashing networks connected to any given device.
Because of historically weak security protocols and minimal security surrounding legacy equipment, bad actors have been targeting manufacturers for years. In prioritizing cybersecurity, manufacturers can build resilience and become a less attractive target for hackers.
Taking Back Cybersecurity
Bad actors will continue to target manufacturing organizations as long as they can retrieve information that makes a profit on the dark web. By taking steps to develop a powerful security program, manufacturers can deter hackers’ attempts before any significant damage is done. Here are four steps organizations can take to develop a significant cybersecurity plan:
- Prioritize the assets. Conducting a thorough IT risk assessment is needed in order to help identify how to secure sensitive information and build a robust cybersecurity plan. Hackers are more likely to target certain assets first, so it’s important to start by protecting the most valuable assets like IP and trade secrets. Companies need to secure networks and encrypt storage for any proprietary data to prevent any losses.
- Educate employees. The majority of data breaches are due to human error, so it’s important that employees are trained to practice proper protocols. By providing an internal training program, employees are better equipped to protect the company’s sensitive data as well as their own. By adhering to cybersecurity best practices, employees are able to avoid attacks such as phishing and are less likely to be the cause of data leaks. To reinforces these practices, manufacturers are highly encouraged to test employees periodically to ensure that they are continuously practicing safe habits.
- Practice routine patching. While staying on top of software updates might seem like an arduous task, manufacturers should always remember to update their computer systems and other IoT devices with the latest software patches. By not installing the latest updates, manufacturers are left vulnerable to harmful malware that can exploit software vulnerabilities, destabilize software and enable viruses to gain control over manufacturing facilities. Staying up to date with software patches can fix security flaws by improving system stability, providing new features and delivering bug fixes.
- Develop a response plan. In the unfortunate event that a holistic security plan fails, manufacturers must have an incident response plan in place. This plan details how businesses should contact their key stakeholders and how backup systems are properly utilized in order to minimize data loss. Employees should be given guidance in their training on how best to respond to a cyberattack, in an effort to shorten a manufacturer’s recovery time following a successful attack.
Expecting the unexpected is a lofty goal, but a thorough cybersecurity plan is a good start. Elevating cybersecurity on the list of priorities, from modernizing facilities and operations to investing in employee resources, can protect manufacturers against disastrous consequences.
Nikolai Vargas is chief technology officer of Switchfast, an I.T. consulting and managed services provider.