Ransomware in the Manufacturing Industry

May 30, 2023
Data Protection, Disaster Recovery, Manufacturing


Regardless of size or industry, any organization with an IT system is at risk of a ransomware attack. However, some seem to be more prone to them than others. Companies in the manufacturing industry are among them.

According to the 2023 Unit 42 Ransomware and Extortion Report, manufacturing was the most targeted industry in 2022, with 447 compromised organizations publicly exposed on leak sites. (The professional and legal services industry came in second with 343 victims.)

Reasons for Ransomware Attacks Against Manufacturing Companies

What makes manufacturing companies primary targets for cybercriminals? It could be because these organizations are more likely than many others to run their IT systems with out-of-date software that isn’t regularly or easily updated or patched. Cybercriminals know this and will take advantage of these vulnerabilities to initiate their exploits.

They also know that most manufacturing companies have a very low tolerance for downtime. With deadlines and contract requirements to meet, these companies can’t afford the downtime that could result from a cyberattack. The attack perpetrators count on this to pressure their victims to pay the ransom quickly. And when you consider the four core subindustries that fall under manufacturing – transportation equipment; machinery manufacturing; electrical equipment, appliance, and component manufacturing; and primary metals manufacturing – it’s easy to see how the criticality of what they produce and/or provide would make these companies eager to avoid any disruptions.

It's not just the potential downtime associated with ransomware attacks that worries manufacturers. That alone can cost a lot, as can the ransoms. And if a company does pay the ransom (which security experts warn against), it often sets itself up for more attacks because the cybercriminals know it is likely to pay.

Of course, the risks also go beyond financial costs. There are reputational costs as well. Customers and partners alike may lose trust in a successfully attacked company.

There’s also the reality that ransomware attacks don’t just affect the company at the receiving end of the attack. The repercussions may be felt across the entire supply chain, distribution channels, customer base – and even the customer base’s customers. The attack on MKS Instruments, a semiconductor equipment maker, in February 2023 demonstrates the ripple effects that can occur.

The attack is estimated to have cost the company at least $200 million in lost revenue. In addition, Applied Materials, a chip manufacturer and MKS customer, reported that it may see a shortfall of $250 million. Another customer company, Ultra Clean Holdings, anticipates its quarterly revenues will take a $30 million hit due to the attack on MKS.

Tips for Fending Off Ransomware

It’s good for manufacturing companies to understand the causes of cyberattacks and the potential (often expensive) results. But what’s really important is to know what to do to prevent them or at least mitigate potential damage.

Here are 10 tips to consider:

1. Retire/Replace Legacy Systems

    It’s not easy or cheap to replace legacy systems, but doing so eliminates many problems for manufacturers. That includes reducing the chance of cyberattacks. Cyberattackers know that, in many cases, manufacturers still use custom systems built by employees who are no longer with the company or by vendors that have gone out of business. They often run on older, unsupported operating systems or hardware. As such, they’re more likely to contain vulnerabilities just waiting to be exploited. They also aren’t as easy to secure using modern security technologies, particularly the cloud-based kind.

2. Train Employees on Cybersecurity

    It’s important for all companies, manufacturing included, to train employees on the various types of cybersecurity attacks, associated threats, and how to guard against them. Ransomware attacks are predominately delivered by phishing campaigns, typically via email, making it all the more important to reinforce to employees not to open suspicious links. Even the most astute employees can fall victim to email scams. It’s important to continually share with them examples of emails that can cause issues so they’ll be better able to recognize and avoid phishing campaigns.

3. Back Up Data and Have a DR Plan in Place

    A comprehensive, tested DR plan that includes regular data backups and appropriate data recovery is also a must. Backing up data regularly won’t prevent an attack, but it can reduce potential damage if one occurs. For the best protection, consider offsite or cloud-based backup solutions. Offsite backups can help manufacturers quickly restore data during a cyberattack.

    Test the DR plan regularly to confirm it works as expected and accounts for any changes in personnel, technology, equipment, and business and compliance requirements.

4. Conduct Regular Patching and Updates

    Patching and updating software regularly can help eliminate vulnerabilities that cyberattackers seek to exploit and safeguard against potential weaknesses. If time and resources are issues, prioritize so the most important patches are applied first.

5. Implement, Review, and Update Your BYOD Policy

    With more employees than ever using one or more of their own devices for work-related purposes, a comprehensive BYOD policy is a must-have. Devices and technologies change fast, as do potential vulnerabilities. Continually review and update the policy to make sure there are no gaps. This is another area where frequent employee training is essential.

6. Invest in Cybersecurity Insurance

    Check company insurance policies. Ransomware may not be covered under traditional policies. Ensure your organization has dedicated cyber insurance coverage that can help cover the financial losses from cyberattacks and costs for remediation, legal assistance, investigators, and more.

7. Employ Strong Password Security and Multi-Factor Authentication

    The basics need repeating. Impress upon employees the need to always use strong passwords and to avoid re-using passwords or using the same passwords for multiple accounts. They should also never share passwords with others. Consider using tools such as password generators and password managers to help manage and maintain the many login details.

    Multi-factor authentication, which requires a second means of authenticating a user, is even better. That can include SMS, digital certificates based on PKI technology, biometrics, and soft and hardware tokens.

8. Secure Emails with S/MIME

    S/MIME is a protocol that uses Public Key Infrastructure (PKI) technology. It’s meant to protect emails sent from your company by providing strong assurances of the sender’s identity when backed by a trusted Certificate Authority. It also uses encryption to protect the confidentiality of the email while in transit on mail servers. In addition, it protects message integrity with validation processes that confirm the message hasn’t been altered.

9. Conduct Security Audits

    Regular internal and external security audits are essential for continuously monitoring technology activity, assets, and deployment to contain threats. The audits should cover data security, operational security, network security, system security, and physical security. The results of these audits can help manufacturers identify the need for various security measures and technologies and to get them implemented.

10. Implement an Incident Response Plan

    Unfortunately, even with the most stringent, comprehensive security measures in place, manufacturers can fall prey to ransomware. If and when an attack happens, an incident response plan (IRP) can reduce the impact and repercussions. For information on creating an IRP, download Five “Must-Do’s” When Developing an Incident Response Plan.
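For tip 3 above, one way to make a DR restore test measurable is to record a SHA-256 manifest when the backup is taken and compare a test restore against it. This is an added example, not code from US Signal or the original post; the function names, file names, and sample data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large production files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        while block := fh.read(chunk):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256; run at backup time."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict[str, str], restored_root: Path) -> dict[str, list[str]]:
    """Report files that are missing, altered, or unexpected after a test restore."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "modified": sorted(f for f in manifest.keys() & restored.keys()
                           if manifest[f] != restored[f]),
        "unexpected": sorted(set(restored) - set(manifest)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: one file restored intact, one altered, one lost, one extra."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        for d in (src / "recipes", dst / "recipes"):
            d.mkdir(parents=True)
        (src / "recipes/line1.cfg").write_text("speed=40\n")
        (src / "recipes/line2.cfg").write_text("speed=55\n")
        (src / "orders.csv").write_text("id,qty\n1,200\n")
        manifest = build_manifest(src)          # taken when the backup is made
        (dst / "recipes/line1.cfg").write_text("speed=40\n")      # restored intact
        (dst / "recipes/line2.cfg").write_bytes(b"\x8f\x02\x11")  # bytes differ from backup
        (dst / "README_RESTORE.txt").write_text("x")              # never part of the backup
        return verify_restore(manifest, dst)    # orders.csv was not restored at all


if __name__ == "__main__":
    print(demo())
```

A restore test passes only when all three lists come back empty; storing the manifest separately from the backup itself keeps the comparison meaningful if the backup location is also affected.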

US Signal Security Services

US Signal offers a wide range of security services and security advisory services to help manufacturers and companies in just about any industry strengthen their security profiles. Among them:

Contact us for more details.