As cyber attacks continue to become more industry specific, we can expect 2019 to hold a variety of new threats designed to target manufacturing. Unlike banks and hospitals, which have been more frequently targeted and tend to be more prepared, the manufacturing industry is still working to get its arms around cybersecurity. This hasn’t been lost on hackers, who continue to benefit from organizations without high levels of maturity. Below are some trends and threats to consider while planning your security efforts in the coming year(s):
- Intellectual Property (I.P.) Theft Increases– Intellectual Property theft has always been the thrust of state actors targeting manufacturing. Whether the manufacturer has a unique product that requires protection or works with another firm with large I.P. exposure, attacks of this type are only expected to increase. Add to the equation the pressure placed on countries like China, who’s slowing GDP growth is dependent upon I.P theft for continued innovation—China’s GDP growth was at a twenty-eight year low in 2018 —increasing the use of intellectual property theft from firms in the U.S. helps stabilize their economy and support geographic expansion into the region.
- Cloud Security Threats – As manufacturers gain comfort with storing data in the cloud and take advantage of the ease of management and cost reductions this allows, the threats targeting these vectors will increase. Recent attacks on Office 365 subscribers are evidence of a growing number of large-scale attacks and as manufacturers continue to adopt these technologies the risk of targeted attacks increases.
- Compliance Looms – On May 25, 2018, the General Data Protection Regulation act came into effect. This act applies to all companies, regardless of where they’re headquartered, that monitor the web activity of individuals or offer services and products to individuals inside the European Union. There are significant fines for companies that aren’t compliant and the regulations include a fairly broad definition of those who must comply. However, Manufacturers with employees and/or data stored in Europe are required to comply.
- Supply Chain Threats – Cybersecurity is a game of weakest links and as the Target breach demonstrated, the vendors who support a manufacturer can introduce threats regardless of the technical controls an organization employs. Manufacturers are uniquely exposed due to the number of firms that they depend on for parts and services, and while they may have their ducks in a row, the smaller firms selling different components of assembly may introduce threats that are just as severe.
- IOT/SCADA – No article on cybersecurity for manufacturers would be complete without mention of SCADA and IOT threats to manufacturing. Tools such as SHODAN.IO have made locating exposed PLC’s and control units something easily done by almost anyone, and hackers are frequently using these tools to identify targets. As manufacturers continue to automate processes, their cybersecurity risk continues to increase. Many of the controllers and applications were written before security was such a critical topic, and sadly the “login: admin password: admin” issue is likely to continue into 2019.
ProCircular’s staff has decades of experience in manufacturing and protecting both the companies and customers that they serve. We would love a chance to sit down and unpack the risks you see above and help you to prioritize your response. We understand that resources are limited and can help make sure that you’re spending yours wisely and effectively.