Sign up for the Packaging Digest News & Insights newsletter.
The focus on uptime over security leaves manufacturers vulnerable to ransomware and other cybercrimes.
May 30, 2023
3 Min Read
Peach_iStock / Getty Images Plus via Getty Images
The FBI recently issued its annual Internet Crime Report documenting the top cyber complaints from the past year. Manufacturing ranked second among critical infrastructure sectors most commonly victimized by ransomware attacks.
Recently, Deloitte also noted the increase in cybercrime against manufacturers in its Global Cyber Executive Briefing. The report details that manufacturers are increasingly targeted not just by traditional malicious actors such as hackers and cyber-criminals, but also by competing companies and nations engaged in corporate espionage. Motivations vary from seeking money to attempts to gain competitive advantage and strategic disruption.
In the Deloitte report, analysts explained that many existing manufacturing systems were developed at a time when security was much less of an issue. “The focus of manufacturing technology has traditionally been on performance and safety, not security,” analysts said in the report. “This has led to major security gaps in production systems,”
This video hones in on the particular cybersecurity threats facing manufacturers:
Cybersecurity threats are nothing new to manufacturing. JP Perez-Etchegoyen, CTO of Onapsis, noted that the latest figures on cybercrime against manufacturers reemphasize the need for manufacturers to strengthen their ransomware detection and mitigation. Perez-Etchegoyen explained that among the attacks reported to the FBI’s Crime Complaint Center, ransomware was responsible for more than $34 million in losses last year.
We caught up with Perez-Etchegoyen to look further into the cyber vulnerabilities that manufacturers face.
Design News: Why manufacturers? Are they particularly vulnerable?
Perez-Etchegoyen: The diversity of the environments that are typically deployed across the organizations within the manufacturing industry leads to significant security gaps that are exploited by ransomware gangs. We are talking about corporate networks with traditional protections, as well as manufacturing plants and industrial locations with widespread OT networks that may have very diverse levels of security across the board.
DN: Is it because they are quick to pay off the ransom to avoid downtime?
Perez-Etchegoyen: Downtime does become critical in the manufacturing world. Revenue is dependent on being able to operate the plants and ransomware tends to be very destructive, causing significant downtime that translates into significant losses for organizations. That is why, in many cases, manufacturing organizations prefer to pay the ransom in an attempt to restore operations with the lowest possible downtime.
DN: Does it have to do with the conflict between IT and OT priorities?
Perez-Etchegoyen: That definitely contributes. The levels of investment and security protections that organizations deploy on IT networks are way more advanced than whatever is ultimately deployed across the OT networks. The devices connected to OT networks are not managed with security as a priority, but with availability as a driver for productivity, generating a conflict when there are required downtime windows to perform improvements or apply security patches.
DN: What are some of the solutions?
Perez-Etchegoyen: We could try to bring a sophisticated plan into life but the reality is that the solution starts with basic hygiene. That means applying security patches across the board, managing security configurations, and implementing the principle of assigning the least privilege. If we think about the 80-20 rule (20% of the work generating 80% of the outcomes), those three security measures would probably get you pretty close to that 80% threshold.
About the Author(s)
Rob Spiegel has served as senior editor at Electronic News and Ecommerce Business, covering the electronics industry and Internet technology. He has served as a contributing editor at Automation World and Supply Chain Management Review. Rob has contributed to Design News for 10 years.
You May Also Like
Food Packaging Faceoff: Paperboard Versus rPET PlasticFeb 21, 2024|4 Min Read
Coffee's Still Hot in America, Especially When It’s ColdFeb 20, 2024|6 Min Read
What Does the EU MDR Extension Mean for Packaging?Feb 16, 2024|3 Min Read
Is Chlorine Dioxide the Answer to the 'EtO Problem'?Feb 15, 2024|4 Min Read