Why Manufacturers are in the Crosshairs of Threat Actors

What is a Brand Discovery ?
Chris Jacob, Vice President, Threat Intelligence Engineering, ThreatQuotient.

As Manufacturers try to deal with challenges ranging from natural disasters to the global supply chain, a new challenge has entered the field: digital transformation. Whilst essential to maintain a competitive edge and to optimise operations, investing in technologies is leaving the manufacturing industry vulnerable to cyber threats.

In today’s modern digitised environment, the manufacturing industry faces multiple interwoven challenges that can seriously impact its overall performance and sustainability.  These challenges include supply chain disruptions, with events such as natural disasters, geopolitical issues, and pandemics disrupting the global supply chain, affecting the timely delivery of raw materials and components. These disruptions put pressure on manufacturing organisations to better plan for potential supply chain uncertainty while responding quickly to customer demand changes and trying to keep costs low.

Investing in new technologies

Likewise, keeping up with rapidly evolving Industry 4.0 technologies such as automation, artificial intelligence, and other smart factory solutions can be a significant challenge. Manufacturers need to invest in and integrate these technologies to stay competitive.

However, with a low tolerance for downtime, operations that cross international borders, and servers full of valuable information, cybersecurity threats are an ever-present risk. As manufacturing processes become more connected through the Internet of Things (IoT) and other cyber-physical technologies, the industry becomes more vulnerable to cyber threats. It is estimated that 29 billion devices will be connected by 2030, therefore protecting sensitive data and ensuring the security of interconnected systems is crucial. Unfortunately, however, globalised supply chains exacerbate the problem, allowing attacks to spread between organisations.

Legacy systems that may contain vulnerabilities and other security gaps are also challenging. Using outdated technology increases the risk of security breaches due to the absence of the latest security features. Such systems are frequently unsupported by their original developers, leaving them without essential security patches and updates. As cyber criminals continually discover new ways to access information, relying on outdated technology jeopardises data and may result in additional expenses, either through paying criminals or losing customers. Manufacturers are trying to maintain and reduce production costs, so while opting for older technology may seem like a cost-saving measure, it could ultimately expose the manufacturer to significant risks and financial consequences. 

Repeatedly targeted by ransomware attacks

Manufacturers need to address these concerns strategically to navigate the industry’s dynamic landscape successfully. Implementing robust risk management, investing in technology and innovation, and fostering a skilled and adaptable workforce are key components of staying competitive in the manufacturing sector.

This is easier said than done when you consider how targeted the industry is by cyberattacks. According to Statista, in 2023, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. The sector encountered nearly a quarter of the total cyberattacks, and manufacturing was the industry most targeted by ransomware attacks. Companies in this sector saw 638 ransomware attacks in 2023.

Additionally, cybercriminals often employ supply chain attacks to manipulate a company’s manufacturing processes through interference with both hardware and software. Malicious software may be inserted at any point in the supply chain, potentially leading to disruptions or outages in the organisation’s services because of a cyberattack.

Clorox breach cost $356 million

One such example in 2023 is major American goods manufacturer Clorox, which suffered significant disruption because of a ransomware attack. According to an SEC filing by Clorox, the attack took many of its automated systems offline, including those by which large retailers such as Walmart and Target order products. This highlights how the breach of one organisation can disrupt an entire supply chain.

While Clorox never confirmed if the attack was ransomware, the fallout, particularly the operational downtime, is consistent with other ransomware attacks. The breach also cost Clorox $356 million due to a 20% decline in sales based on lower production volumes due to the attack. This is in addition to a steep drop in stock price and the $25 million Clorox spent securing their systems post-breach.

And it is not just ransomware that manufacturers need to defend against. Extensive phishing campaigns enable their perpetrators to gather various forms of sensitive information, including but not limited to bank account details, social security numbers, and credit/debit card information. Alternatively, they may coerce the victim into paying directly into the attacker’s bank account. Moreover, phishing activities can be motivated by other objectives, such as acquiring sensitive data to tarnish the reputation of the targeted entity or disseminating malicious software to wreak havoc on the company’s physical assets and equipment.

Given the rise of targeted cyberattacks in manufacturing, resilience against threats must be a top priority. Therefore, continuous monitoring and threat intelligence is vital to protect against these ongoing and emerging threats.

How a data-driven threat intelligence platform can help

To do this, manufacturers should take a data-driven approach to threat intelligence. This is where we can help. Serving as the hub of intelligence operations for many industries, our ThreatQ Platform aggregates and combines unstructured and structured data from any source, internal and external. There’s no need to alter existing security infrastructure or workflows; all tools and technologies work seamlessly with our open architecture. Likewise, our no code / low code automation eliminates repetitive, time-consuming tasks so security analysts can focus on high-priority and strategic work. Our platform also provides flexibility to share curated threat intelligence, advisories and reports with various internal and external stakeholders, including other organisations in the manufacturer’s supply chain. This contributes to hardening the supply chain against attacks.

Ultimately, we’re helping manufacturing organisations build robust data-driven threat intelligence programmes that safeguard their operations, intellectual property, and compliance standing while ensuring continuous and secure production environments.  As manufacturers look to take advantage of AI and Industry 4.0, and as they automate more of their environment, they need to ensure that they have robust security measures to prevent them from becoming the latest ransomware victim.

Chris Jacob, Vice President, Threat Intelligence Engineering, ThreatQuotient.

As VP of Threat Intelligence Engineering, Chris Jacob leads a global team of engineers in working with prospects and customers to assess their current approach to intelligence, understand their needs, and provide them with a product driven solution. Chris has over 15 years of experience in information security, beginning with serving as battalion information systems coordinator during his time in the Marine Corps, and includes leadership positions at Sourcefire, Fidelis Cybersecurity, and Webroot.