A 2018 report by McAfee and the Center for Strategic and International Studies estimates that cybercrime costs the world almost $600 billion annually, or 0.8% of global GDP, which is up 35% from an estimated $445 billion in 2014.
New technologies have made attackers more efficient and effective, and the low risk-to-high payoff ratio has incentivized cybercriminals.
The manufacturing sector is not immune from these risks – it ranked third on IBM X-Force’s list of the most frequently attacked industries in 2016.¹ In addition, the IT infrastructure and production lines of manufacturers are at increased risk of cyber-attack because they are not expected to have the same cybersecurity protections as more regulated industries such as financial services.
A manufacturing company’s crown jewels, or most valuable data assets, are typically considered to be intellectual property (IP), internal operational information (OI), and the associated operations.
Though difficult to quantify or translate into financial gain, the theft of intellectual property is estimated to account for at least a quarter of the worldwide cost of cybercrime.²
In addition, the theft of IP may go undetected, with the corresponding financial impacts unrecognized and appearing to be revenue decline due to increased competition.
There are always competitors that seek to make similar products better or more cheaply. A nefarious approach to making something cheaper is to let someone else invest in the research, then steal the resulting IP.
As production facilities in other parts of the world become more sophisticated, it becomes easier to re-create products that closely match the original if blueprints or other schematics are stolen from the owner of the IP. In 2011, IP was estimated to be valued at $8.1-$9.2 trillion in the U.S. economy.³
Other proprietary data that can be valuable and susceptible to attack includes any information that could give a competitor an advantage, such as customer lists and product pricing, business plans such as expansion into new markets, and new product offerings with estimated future release dates.
Regardless of the form of the IP, its theft is typically a targeted attack conducted as a form of cyber-espionage. Attackers attempt to gain a foothold within the organization by attacking the “carbon layer” – sending a phishing email to an employee with either a malicious link or attachment.
When the employee clicks the link or opens the attachment, an initial foothold is established in the form of installed malware. The goal of the attacker at this point is to remain undetected, spread through the IT infrastructure, discover the crown jewels, then slowly exfiltrate the data for as long as possible.
While theft of IP is typically a targeted attack, there are also attacks on IP and operations that can be more opportunistic in nature. Ransomware is a type of malware that extorts money from a victim by preventing the use of a system or access to data until a ransom is paid.
With the advent of cryptocurrencies, hackers can request ransom payments for IT systems in funds that are nearly untraceable. Usually, ransomware is not targeted at specific organizations; instead, it relies opportunistically on infected websites, phishing attacks, and other traditional malware delivery mechanisms.
This means that any manufacturing organization, regardless of size, could become a victim. Such an attack could create significant negative impacts to sales, production, and distribution systems. These impacts were realized for Mondelez International, Inc. in 2017, resulting in $84 million spent on the recovery effort and an estimated negative impact of 0.4% on net revenue and Organic Net Revenue growth.
The profitability of ransomware has led to its continued evolution, including the emergence of more targeted attacks based on factors such as company size, number of network nodes, and criticality of data and/or operations. Attackers attempt to maximize their financial gain by focusing on larger companies that would be more willing to pay significant amounts of money to restore operations and data.
“As an organization, we are focused on protecting ourselves against potential theft of our intellectual property (IP) as well as the continued operation of our manufacturing lines and the business processes that support it. We are also preparing ourselves to be more resilient and limit the impact should we suffer a successful attack.” Orphee Paillotin, IT Manager, Poclain Hydraulics Inc.
There are a variety of ways to protect your business from cyber risks. Some of these are outlined in the National Institute of Standards and Technology’s Cybersecurity Framework: Manufacturing Profile.⁴ The first step is to have a cybersecurity assessment performed on your business and its operations to identify existing vulnerabilities, assess the current cybersecurity posture, and identify remedial actions to improve cybersecurity defenses. Then, options can be considered to address the identified threats, including:
- Phishing countermeasures – Many attacks are initiated via phishing. Train your employees to recognize and respond appropriately to potential phishing emails, and provide them with a quick and easy way to report them.
- Formalized patching process – Defining and implementing a formalized and centralized patching process that prioritizes and tracks the deployment of patches is an important aspect of reducing the organization’s attack surface.
- Network segmentation – If the organization’s crown jewels in terms of IP and critical operations are known, leveraging network segmentation to provide additional protection can make it more difficult for attackers to succeed, should they gain an initial foothold.
- Endpoint detection and response – As users and their endpoints are typically the initial target of attackers, implementing enhanced endpoint protection, detection, and response is critical.
- Data leakage prevention (DLP) – The implementation of a DLP solution to prevent the exfiltration of sensitive data such as IP is an important mitigating control to disrupt the success of attackers that have gained an initial foothold and discovered the organization’s crown jewels.
- Organizational resilience – Performing a business impact assessment (BIA) and appropriate business continuity (BC), disaster recovery (DR), and incident response (IR) planning is critical for minimizing the impact of a successful attack.
If you haven’t assessed the risks to your IT environment in the last year, or are unsure if your assessment is comprehensive enough to cover the risks identified above, consider reaching out to a trusted advisor on developing or implementing an IT assessment.