Manufacturing increasingly relies on modern technology, incorporating industrial control systems (ICS), Internet of Things (IoT) devices, and operational technology (OT). These advancements enhance efficiency and streamline operations, but they have also significantly increased the attack surface exposed to cyber threats.
According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million, an 18% rise for the sector compared with 2023.
Evidently, the data housed in industrial control systems holds substantial value for malicious actors. Additionally, the disruption that even one hour of downtime causes makes the manufacturing sector an enticing target for cyber criminals.
What kinds of cyber attacks affect the industrial sector? And what actions can manufacturers take to protect themselves from these dangers? Let’s delve into this.
The repercussions of cyber intrusions on manufacturing
As outlined in the 2024 IBM Cost of a Data Breach report, data breaches cost industrial organizations 13% more than the $4.88 million global average. Moreover, this sector saw the largest increase in costs across all industries, rising by an average of $830,000 per breach from the previous year. This spike in costs may indicate that manufacturers are particularly sensitive to operational downtime. For instance, a typical car manufacturer loses $22,000 per minute when its production line halts.
Regrettably, the challenges do not stop there. The time taken to identify and contain a data breach at industrial organizations exceeded the median industry figures, with 199 days for identification and 73 days for containment. These worrying trends highlight the sector’s vulnerability and the financial repercussions of cyber attacks on manufacturers.
One of the most common forms of cyber attack in the manufacturing sector is ransomware. Ransomware attacks on industrial control systems doubled in 2022 alone. When manufacturing operations are disrupted, the resulting financial and reputational damage can be severe. Supply chains might suffer significant disruptions, leading to production delays and revenue losses.
Another critical concern is intellectual property theft. Cyber criminals, including state-sponsored threat actors, frequently target proprietary designs and protected trade secrets to gain an economic or strategic edge. Detecting such cyber espionage can be challenging, as attackers might infiltrate networks and extract data over extended periods without being noticed.
Supply chain attacks also pose significant risks. In these attacks, cyber criminals target vulnerable third-party suppliers or partners to gain access to a manufacturer’s systems. Because manufacturers often rely on intricate networks of suppliers, a breach at one supplier could have cascading impacts across the entire production line. This interconnection renders the industry particularly susceptible to large-scale attacks.
The rising interdependence of manufacturing systems due to digitalization has notably expanded the attack surface. IoT devices and interconnected systems allow for real-time monitoring and control, yet they introduce vulnerabilities if not adequately secured. This blurring of the boundary between IT and OT makes it easier for intruders to infiltrate systems and cause widespread disruption.
Measures manufacturers can undertake to avert cyber intrusions
Given the magnitude and complexity of cyber risks facing the manufacturing sector, it is vital for manufacturers to proactively safeguard their systems and data. Here are some essential steps manufacturers should adopt to enhance their cybersecurity posture:
1. Enforce stringent security protocols
Manufacturers need to set up robust cybersecurity frameworks that cover all facets of their operations. This involves imposing stringent access restrictions, conducting regular security assessments, and implementing resilient incident response strategies. One of the crucial elements of any cybersecurity policy is employee training. Many breaches result from human error, such as falling for phishing scams or mishandling sensitive information. Consistent training ensures that employees stay informed about the latest threats and know how to identify and prevent them.
2. Routinely update IoT devices and firmware
IoT devices commonly serve as weak points in manufacturing systems, as they might lack robust built-in security features. Regularly updating the firmware of these devices and ensuring proper configurations can reduce the risk of exploitation. Manufacturers should also securely integrate IoT devices into their broader network infrastructures and continuously monitor them for any signs of compromise.
3. Segment and isolate networks
Separating IT and OT networks is among the most effective methods to curtail the spread of an attack. By placing barriers between different systems, manufacturers can prevent attackers from moving laterally through their networks in the event of a breach. In highly secure environments, air-gapping, which involves isolating critical systems from external networks entirely, can offer an additional layer of defense. This ensures that even if an IT system is breached, operational technology systems remain unharmed.
4. Invest in advanced threat detection
Real-time threat monitoring tools, like Security Information and Event Management (SIEM) systems, are indispensable for identifying and responding to cyber threats. These tools provide instantaneous insights into network activities and can automatically flag suspicious behaviors for further scrutiny. Additionally, manufacturers should engage in proactive threat hunting to pinpoint potential vulnerabilities before they get exploited.
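An added example, not from the original article: one way to check that the IT/OT separation from step 3 holds in practice, and to flag violations the way a detection rule from step 4 would. The zone ranges, approved conduits, and flow records are all constructed assumptions.

```python
import ipaddress

# Assumed zone layout (constructed for this example, not from the article).
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot": ipaddress.ip_network("10.30.0.0/16"),
}
# Approved conduits as (source zone, destination zone, destination port).
ALLOWED = {("it", "dmz", 443), ("ot", "dmz", 443), ("dmz", "ot", 4840)}

# Constructed flow records: timestamp, source, destination, port, firewall action.
SAMPLE_FLOWS = """\
2024-09-01T08:00:01Z 10.10.4.21 10.20.0.5 443 allow
2024-09-01T08:00:07Z 10.30.1.10 10.20.0.5 443 allow
2024-09-01T08:01:13Z 10.10.4.21 10.30.1.10 502 allow
2024-09-01T08:01:40Z 10.20.0.5 10.30.1.10 4840 allow
2024-09-01T08:02:02Z 10.10.9.77 10.30.2.44 3389 deny
2024-09-01T08:02:30Z 10.30.1.10 203.0.113.9 443 allow
2024-09-01T08:03:00Z 10.10.4.21 10.10.8.8 53 allow
not a flow record
"""

def zone_of(addr):
    """Map an address to its zone; anything outside the plan is 'external'."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "external")

def audit(flow_text):
    """Return (timestamp, path, port, severity) for unapproved flows touching OT."""
    findings = []
    for line in flow_text.splitlines():
        try:
            ts, src, dst, port, action = line.split()
            src_zone, dst_zone, port = zone_of(src), zone_of(dst), int(port)
        except ValueError:
            continue  # malformed record: wrong field count, bad address or port
        if src_zone == dst_zone or "ot" not in (src_zone, dst_zone):
            continue  # intra-zone traffic, or traffic that never touches OT
        if (src_zone, dst_zone, port) in ALLOWED:
            continue  # approved conduit
        # 'allow' means the boundary let it through; 'deny' means it held.
        severity = "high" if action == "allow" else "medium"
        findings.append((ts, f"{src_zone}->{dst_zone}", port, severity))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

A "high" finding is a flow the boundary permitted outside an approved conduit, which points to a segmentation gap; a "medium" finding is a blocked attempt that still merits triage of the source host.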
5. Establish backup and disaster recovery plans
Maintaining secure backups is crucial for lessening the damage caused by ransomware attacks. By regularly creating off-site backups and validating contingency plans, manufacturers can recover swiftly from an intrusion without giving in to a ransom demand. These backups should be encrypted and securely stored to prevent unauthorized access or tampering by attackers.
Case Study on Cybersecurity in Industry
In early 2020, ANDRITZ, a prominent provider of industrial plants, began observing an increase in cyber threats. Its IT environment encompassed numerous systems and security measures that complicated security efforts. The company’s extensive attack surface included more than 280 locations globally and thousands of employees working remotely through the company’s network. Additionally, a large number of third-party contractors and engineers were granted access to crucial IT systems.
For security information and event management (SIEM), ANDRITZ opted for IBM Security QRadar on Cloud technology deployed as SaaS. This platform enables ANDRITZ’s security operations center (SOC) to concentrate on identifying and resolving threats, while IBM Security experts provide around-the-clock infrastructure monitoring. The SIEM is capable of ingesting data and logging events from various sources throughout the network. By applying advanced analytics and correlations across a range of data types (network, endpoint, asset, vulnerability, threat data, and more), the SOC achieves a comprehensive view of security.
Less than half a year after engaging with IBM Security and implementing an integrated suite of Managed Security Services (MSS), ANDRITZ had an all-encompassing security services solution in place.
Seize fresh opportunities, alleviate novel risks
The manufacturing sector’s escalating dependence on digital technologies has delivered considerable advantages, yet it has also introduced new vulnerabilities that cyber criminals are keen to exploit. With the rise in frequency and complexity of cyber attacks within the manufacturing industry, companies must embrace a comprehensive approach to cybersecurity.