Manufacturers remain a major target for malicious activity, from cyber-criminals purely seeking profit to malevolent nation-states bent on causing havoc. The manufacturing sector is a perfect target, because it is a financially stable industry that is highly dependent on technology, with money and sensitive data ripe for the picking.
Nearly half of all manufacturing organizations have a security rating of F, D or C. For context, organizations with an A security rating are 7.7 times less likely to experience a data breach than organizations with an F rating.
Factors contributing to the growing cyber-security threat in the manufacturing sector include increased targeting by attackers and the slow application of security updates.
According to recent data, 37% of critical manufacturers experienced a malware infection in 2022. Since 2018, two of the world’s largest electronics manufacturers (Delta Electronics and TSMC) have suffered ransomware attacks that halted operations, impacting the global supply of goods.
Furthermore, patching cadence — the time it takes an organization to test and deploy a security update — is one of the ten major risk factors considered when analyzing an organization’s security rating. This factor evaluates the number of outdated assets an organization has and the rate at which it applies patches compared to its peers. Patching cadence saw a significant drop among manufacturers from 2021 to 2022.
Why Are Critical Manufacturers Facing These Challenges?
Managing cyber risks in the manufacturing sector is difficult because of the complexity of the business. Manufacturers are often inter-connected and highly dependent on one another. A cyber-attack on one organization can have a ripple effect that impacts several.
The rapid digitalization and scaling of advanced technologies in this sector have also brought on extra risks. Today’s adversaries are agile, and use sophisticated tactics for both the execution of attacks and the extraction of payment. Since information security (InfoSec) teams often operate with limited budgets, they lack the necessary resources and manpower to keep pace with attackers.
What Can Manufacturers Do to Mitigate Their Cyber Risk?
Simply increasing financial investments is not a practical or effective way to address cyber-security risks. The quality of the investment is far more important than the quantity. Manufacturers need dependable cyber-security solutions and partners to help them drive positive change in their programs.
There are multiple ways manufacturers can work with InfoSec teams and cyber-security partners to mitigate their risks.
Develop a Robust Vendor Risk Management Program
New research shows 98% of organizations have a relationship with at least one third party that has been subject to a cyber-security breach. Manufacturers must take a close look at their vendor risk management (VRM) program, and ensure they are investing in tools that give them a complete view of their vendor ecosystem. This will allow them to pinpoint specific vulnerabilities within each vendor, drive discussion for effective risk mitigation, and provide reassurance that their vendors' security profiles align with their own posture.
Implement Continuous Monitoring of Cyber Risks
Organizations’ vulnerabilities are constantly evolving and expanding, so manufacturers should implement continuous monitoring as part of their security program. Continuous monitoring platforms allow businesses to quickly identify, assess and mitigate risks in the supply chain, through business process automation, the application of machine learning and real-time cyber-security threat intelligence.
Create an Incident Response Plan
To prevent prolonged disruptions, manufacturers need an incident response plan that allows them to take immediate action to remediate incidents and mitigate risk. By doing this, organizations can prevent additional data loss and fix vulnerabilities to avert further attacks.
Quantify Risk
Manufacturers need modern solutions to quantify the effectiveness of their security programs. Risks must be presented in a way that highlights their financial damage, in order to justify security budgets, and ensure that investments are allocated efficiently and effectively. Holistic conversations about the financial impact of cyber risks guarantee the sustainability of the business, and cyber risk quantification will drive sensible risk-management strategies.
The manufacturing sector must have up-to-date cyber-security tools and cyber-hygiene practices. Doing so will strengthen the global supply chain and public safety as well.
Christos Kalantzis is CTO and EVP of Engineering for SecurityScorecard.