How can manufacturers beat cybercrime?
EXPERT OBSERVER
Why is the manufacturing industry a target for cyber criminals?
In two words, money and information. Most cybercriminals want cold, hard cash or access to trade secrets.
In its 2018 Data Breach Investigations Report, global telecommunications and technology company Verizon reveals that financial motives are behind just over half of all data breaches in the manufacturing sector, while espionage makes up most of the other incidents as spies seek to gain confidential information from companies.
The findings show what the cyber crooks are after, with personal information (32 per cent), company secrets (30 per cent) and credentials (24 per cent) topping the list. With the latter, stolen credentials can be used to ramp up cyberattacks and access other data types.
Chris Tappin, Principal Consultant at the Investigative Response team for the Verizon Threat Research Advisory Centre, points out that first-mover advantage is crucial in the manufacturing sector, so cyber criminals are hell-bent on trying to pinch companies’ best ideas. “If they can obtain trade secrets, such as plans and R&D information, and then use these to bring an idea to market first, they can potentially make big financial wins,” he says.
Whereas organised crime gangs are responsible for most attacks on retailers, accommodation, food services groups and financial services companies, state-sponsored hackers carry out the greatest percentage of manufacturing attacks. These rogue governments want intellectual property as a means to score trade success and often see manufacturers as an easy target because old IT systems are difficult to update and protect. Better still, they know that many manufacturers’ supply chains are large and exposed, giving them an opportunity to infect many suppliers and businesses at the same time.
What are some high-profile examples of attacks on manufacturers?
One of the best known is the attack on networks of defence contractor Lockheed Martin, and the world’s largest aerospace manufacturer Boeing, in a series of strategic data breaches on top-secret plans and information around a decade ago.
Authorities were stunned at the scale of the espionage in which hackers accessed designs and data on the F-35 Lightning II joint strike fighter jet, the B-2 stealth bomber, the F-22 jet, space-based lasers, missile navigation and tracking systems, and more.
Following the FBI’s 2014 arrest, and the subsequent jailing, of a businessman reportedly working with the Chinese military, the hackers’ modus operandi was revealed to involve phishing emails to employees at the target companies and installing malware on their systems which allowed remote access to directories containing the trade secrets, along with other sections of the companies’ networks.
How do cyber criminals typically target manufacturing companies?
Traditionally, it’s via phishing campaigns to gain unauthorised access to systems and data, tricking executives and employees into revealing login credentials and other private information. Networks, as a result, become highly exposed.
“The initial vector of intrusion is often not that sophisticated,” says Simon Ezard, a Senior Security Consultant at the Verizon Threat Research Advisory Center. “Unsophisticated cases involve attackers sending phishing emails, sometimes to thousands of people and in the hopes that a percentage of those will fall victim.”
Verizon’s research indicates that in most cases manufacturers can expect the cyberattacks to come from outside the business. In about nine out of 10 data breaches, external players are to blame, with employees responsible for just a small percentage of incidents.
What action should manufacturers take to limit threats?
With crucial company data, trade secrets and business reputations at stake, it is incumbent on manufacturing leaders and innovators to protect their intellectual property.
There are some basic means to combat cyber criminals, including being vigilant, educating employees about the dangers of phishing scams, keeping anti-virus software and patching up to date, encrypting data and using multi-factor authentication to limit the chances of attacks.
According to Verizon, manufacturers should also be taking three overarching actions to mitigate risks:
- Separate highly sensitive and secret data from the rest of their networks, and restrict access to only those individuals who absolutely require it to do their jobs.2.
- Implement data-loss-prevention controls to identify and block transfers of data by employees, and especially those who are terminated or resigning.
- Ensure that employees quickly report phishing attacks so they can be better understood and combatted.
“Make people your first line of defence,” Ezard says. “Give your employees cybersecurity and social engineering training. Help them learn how to spot a phishing email and empower them to speak up to their IT department if they become suspicious.”