< Back to Thought Leadership

Manufacturers – The Perfect Target for Cybercriminals

With increasing speed and consistency, data breaches and financial losses due to cybersecurity incidents are occurring across companies of all types – and small and medium-sized manufacturing companies are not exempt.

Manufacturing continues to be a top target of cybercriminals. As reported in the 2019 Verizon Breach Report, the industry experienced 536 incidents, 73 with confirmed data disclosure. In 2020, the industry reported 922 incidents, 381 with data disclosure. This is an increase of 66% of in incidents and a 422% increase in the number of data disclosures year over year. These were only the “reported” incidents. The number is likely much higher.

Two things that attract a cybercriminal to a specific type of company or industry:

  1. There are digital assets inside those companies or institutions that can be easily monetized or utilized for profit.
  2. The ease with which they can obtain those digital assets.

Manufacturers tend to check both boxes. From a digital asset perspective, intellectual property related to your manufactured products is highly valuable.

In 2016, a Midwest manufacturer that provides products to the oil and gas industry realized their engineering network had been breached after they lost out on a bid. The winning bid went to a Chinese manufacturer and whose product was frighteningly like the Midwest manufacturer’s product. After a forensic audit of their network, the Midwest manufacturer determined their engineering data had been compromised from a Chinese IP address.

Secondly, how difficult is it to get the digital assets?

The cybercriminal community recognizes that many manufactures, particularly small and medium-sized, have not taken the appropriate measures to properly protect their systems and data from attack. It is an industry that cybercriminals consider to be an easier target than banks or retailers.

Threats, Vulnerabilities and Emerging Issues for Manufacturers

There are several threats and vulnerabilities that manufacturers need to protect against. The most common today is the threat of malware and ransomware.

Malware is a piece of software code that may take several actions, including obtaining login credentials, copying and stealing files, or causing disruptions to operations. Ransomware is a single-purpose piece of malware that encrypts your files throughout your network, locking you out of being able to access your data or your systems. You’re forced to pay a ransom to obtain the decryption password (key).

The most common method to deliver malware and ransomware is through phishing emails. These are emails that try to take advantage of human weakness by convincing someone to click on a link or open an attached file to the email. That action unleashes the malicious code into your network.

Another emerging threat is the expansion of your network beyond the four walls of your facility(s). As more manufacturers and their customers become interconnected with each other, you not only need to worry about the security of your network, but also the security of your customer’s network, or perhaps the security of your suppliers’ network.

Additionally, manufacturing internal networks are expanding as much if not more than any other industry.

The advent of the Internet of Industrial Things (IoIT) has dramatically increased the risk profile as there are that many more entrance points into your network. Honda Motors, which experienced a global ransomware attack in 2020, found their internet-connected assembly lines disabled because of the ransomware attack.

Finally, the amount of data you are maintaining within your company has increased dramatically in the last 3-5 years. These new databases, data marts, data warehouses, etc. create additional targets for the bad guys to target and more technology you need to protect.

How Can Small-and-Medium Sized Manufactures Protect Themselves?

There are a few very simple and cost-effective “blocking and tackling” actions small and medium-sized manufactures can do to better protect themselves from cyber-attack. These include:

  • Make sure your applying software patches as soon as possible.
  • Enforce strong password Do not allow easily guessed passwords on your network.
  • Provide training and awareness to your employees. Make them aware of the threats of phishing emails and demonstrate what type of red flags they should look for in these emails.
  • Reduce employee access to systems and remove administrative access from all employees and limit it to IT.
  • Encrypt your workstations and servers and disable USB drives if possible.
  • Implement and maintain a good data backup plan and test the restorability of your backups a few times a year. Store backups off-site.
  • Patching Your Software — Most of the breaches that occur take advantage of known vulnerabilities in software you have on your network. Whenever you get software updates, those software updates are security updates. You need to beat the cybercriminals to those vulnerabilities that exist in your network and patch those vulnerabilities.
  • Develop an incident response plan and practice it. If you’re breached, know what your first phone calls will be and what are actions you can take to contain and eradicate the threat.

Blue & Co has a cybersecurity practice ready to help you assess your risks and recommend practical and pragmatic controls that will reduce your risk of a cyber-attack.

woman using a quickbooks point of sale system

Blue & Co. Offers Expertise to Not-For-Profits Affected by QuickBooks Point of Sale Discontinuation

By Nancy Orben, CPA, Senior Manager, Laura Philpot, Senior Accountant, Business Services, and Lisa Totten, Senior Accounting Specialist at Blue & Co. Attention all not-for-profit organizations! Are you currently using QuickBooks Point of Sale in your gift shops, ticket sales, or day-to-day business? If so, you may have heard the recent news that Intuit will […]

Learn More

Contract Services: Impact on Wage Index

In the past several years, hospitals have continued to feel the impact of increased utilization of contract nursing and other contract services. Although these services have developed into a major expense line item, it is important for hospitals understand how expenses related to contracted services can impact the wage index factor for Medicare reimbursement. Contract […]

Learn More
shamrocks not-for-profit tips

3 Lucky Tips for Not-For-Profits to Avoid Bank Fraud

Trusted Insights from The National Bank of Indianapolis Nonprofit Services Team Not-for-profit organizations are increasingly falling victim to fraud, with a rising number of incidents and an ever-growing amount of money being lost. Fraudsters find it easy to target not-for-profits, as their publicly available 990s provide valuable information. Protecting your organization from such fraudulent activities […]

Learn More