Packaging Digest is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Why Are Manufacturers So Prone to Cyber Attacks?

Article-Why Are Manufacturers So Prone to Cyber Attacks?

Peach_iStock / Getty Images Plus via Getty Images cybersecurity
The focus on uptime over security leaves manufacturers vulnerable to ransomware and other cybercrimes.

The FBI recently issued its annual Internet Crime Report documenting the top cyber complaints from the past year. Manufacturing ranked second among critical infrastructure sectors most commonly victimized by ransomware attacks.

Recently, Deloitte also noted the increase in cybercrime against manufacturers in its Global Cyber Executive Briefing. The report details that manufacturers are increasingly targeted not just by traditional malicious actors such as hackers and cyber-criminals, but also by competing companies and nations engaged in corporate espionage. Motivations vary from seeking money to attempts to gain competitive advantage and strategic disruption.

In the Deloitte report, analysts explained that many existing manufacturing systems were developed at a time when security was much less of an issue. “The focus of manufacturing technology has traditionally been on performance and safety, not security,” analysts said in the report. “This has led to major security gaps in production systems,”

This video hones in on the particular cybersecurity threats facing manufacturers:


Cybersecurity threats are nothing new to manufacturing. JP Perez-Etchegoyen, CTO of Onapsis, noted that the latest figures on cybercrime against manufacturers reemphasize the need for manufacturers to strengthen their ransomware detection and mitigation. Perez-Etchegoyen explained that among the attacks reported to the FBI’s Crime Complaint Center, ransomware was responsible for more than $34 million in losses last year.

We caught up with Perez-Etchegoyen to look further into the cyber vulnerabilities that manufacturers face.

Design News: Why manufacturers? Are they particularly vulnerable?

Perez-Etchegoyen: The diversity of the environments that are typically deployed across the organizations within the manufacturing industry leads to significant security gaps that are exploited by ransomware gangs. We are talking about corporate networks with traditional protections, as well as manufacturing plants and industrial locations with widespread OT networks that may have very diverse levels of security across the board.

DN: Is it because they are quick to pay off the ransom to avoid downtime?

Perez-Etchegoyen: Downtime does become critical in the manufacturing world. Revenue is dependent on being able to operate the plants and ransomware tends to be very destructive, causing significant downtime that translates into significant losses for organizations. That is why, in many cases, manufacturing organizations prefer to pay the ransom in an attempt to restore operations with the lowest possible downtime.

DN: Does it have to do with the conflict between IT and OT priorities?

Perez-Etchegoyen: That definitely contributes. The levels of investment and security protections that organizations deploy on IT networks are way more advanced than whatever is ultimately deployed across the OT networks. The devices connected to OT networks are not managed with security as a priority, but with availability as a driver for productivity, generating a conflict when there are required downtime windows to perform improvements or apply security patches.

DN: What are some of the solutions?

Perez-Etchegoyen: We could try to bring a sophisticated plan into life but the reality is that the solution starts with basic hygiene. That means applying security patches across the board, managing security configurations, and implementing the principle of assigning the least privilege. If we think about the 80-20 rule (20% of the work generating 80% of the outcomes), those three security measures would probably get you pretty close to that 80% threshold.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Multigenerational Workforce

In today’s workplace, five generations are actively employed. In this free ebook, learn how to leverage the strengths of each generation in your packaging department.