Manufacturing's Mixed Technology Opens Doors for Cybercrime

Six must-haves for building network resilience.


Today's product lines are more sophisticated, and supply chains connect manufacturers, suppliers, and customers at the hip. Expensive new technologies and processes usually require slowing or shutting down production lines, making already tight profit margins even thinner. Unsurprisingly, some manufacturers opt to delay implementing or upgrading technology, keeping legacy systems in place as long as possible so production continues without interruption. 

Choosing to use outdated tech can be a dangerous business decision. Upgraded systems and technology provide better data visibility on production, demand, supply chain, and forecasting, which help make business decisions clear and less speculative. And outdated systems equal inadequate protection from cyberattacks. 

Many manufacturers in the post-COVID economy are choosing rapid adaptation to remain competitive. When they move quickly, it's even more critical to build cybersecurity resilience as networks and processes evolve. The combination of some manufacturers using outdated systems and networks while others rapidly add tech without suitable security measures creates vulnerabilities in systems and networks. This mix opens opportunities for cybercriminals to break into networks and bring production to a grinding halt. 

Not If but When a Hacker Breaches Your System 

Samsung reported a significant breach in September 2022. Their website states, "in late July 2022, an unauthorized third party acquired information from some of Samsung's U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected." Samsung took action to secure the affected systems and engaged outside cybersecurity and law enforcement. 

Hanes shared that its second-quarter 2022 results were impacted by a cyber event that temporarily affected the company's global supply chain network and limited its ability to fulfill customer orders. The attack disrupted operations for three weeks, reducing net sales by about $100 million and adjusted operating profits by $35 million. 

On May 5, 2022, AGCO, a worldwide manufacturer and distributor of agricultural equipment and infrastructure, reported it was the victim of a ransomware attack. Eleven days later, the company was still working to restore business operations and stated, "...damage from the ransomware cyberattack could require more in-depth, and lengthy, remediation and recovery than is currently expected." The company expects to mitigate the production loss from the ransomware cyberattack by increasing production over the remainder of 2022. 

These three examples are not unusual occurrences. Companies take weeks, months, and even years to recover from cyberattacks, and some never recover.  

At a recent panel discussion, United Airlines CISO Deneen DeFiore discussed shifting away from thinking about cybersecurity in terms of data protection and moving towards a cyber-resiliency strategy. She explained that everyone on the team must understand the impact and how to recover and reduce the 'blast surface' since operational disruption has a cascading effect across the business ecosystem.  

DeFiore shared, "We operate at airports around the world. Our assets are mobile… that makes it imperative that we understand the impact [of a cyber-incident] and have a resilience approach." Manufacturers would be wise to heed her advice and think strongly about building resilience surrounding the increasing threat from cybersecurity attacks. 

Understanding the Need for Resilience 

Creating resilient manufacturing processes to prevent cyberattacks is complex. Manufacturers need a clear strategy and expertise to ensure their systems stay protected. Here are some key questions to consider.

  • How quickly can you get production running after an attack?
  • How can you lessen the impact of an attack?
  • What should your team do now to ensure operations don't come to a standstill when a cyberthreat occurs?  

Start by evaluating your company's software networks to create a plan. Consider everything from production lines, inventory management, insurance and regulatory compliance, and shipment tracking to other business needs. A robust and complex system requires careful monitoring and support to prevent unauthorized access and data breaches.  

When you put together your plan, consider building resilience into your systems. If you don't have experts on staff to dive deeply into the safety and security of your systems, find an experienced cybersecurity company with the knowledge to support your plan.  

Here are the six must-haves manufacturers need to create cybersecurity resilience:

  1. Patch your systems. Patches and updates fix bugs and security holes in software and cloud-based systems. Hackers aren't constantly devising new ways to breach systems; they're taking advantage of known vulnerabilities and exploiting those weaknesses. That's why regular patching is critical to build resiliency and reduce your business's risk from known vulnerabilities. While it might be tempting to skip a system patch because it may disrupt critical applications, ask how your system would handle a ransomware attack if it can't survive an update. It's well worth the risk to update your system and close off those vulnerabilities.
  2. Back up your systems. Having a 3-2-1 backup system in place is an excellent tool for resiliency. Keep three copies of your data: two backups onsite on different systems and one immutable offsite backup. This last backup is vital to restore your business after an attack. Immutable means "unable to change." An external team secures and manages your immutable backup. Even your in-house IT team or CEO can't access it. In the event of an attack, the hacker won't be able to crack it either since it's not connected to your network.
  3. Monitor your networks. Take preventive measures to spot suspicious activity before a full breach occurs. Often hackers lurk inside a network for some time, waiting to strike at the right opportunity. Thorough monitoring provides a chance to catch the hacker and block their access before an attack occurs.
  4. Implement multi-factor authentication (MFA) with every login. That unique code sent to your email or mobile phone allowing you to log in to an account is MFA. This extra step makes it harder for hackers to find their way into your company's networks and helps verify authorized users. MFA is a must to build resilience and protect sensitive data beyond the use of a simple password.
  5. Penetration test your systems. Experts use penetration testing to mimic a hacker breaching your systems and uncover vulnerabilities in your internal network. It’s a great way to scrutinize your company's security. A penetration test can quickly assess common vulnerabilities, such as finding unencrypted traffic, weak passwords, or common exploits found on connected devices. Internal penetration tests act like insurance for your network and can prevent threats before they happen. 
  6. Employee training prevents phishing. Your employees are still one of the most common weaknesses hackers exploit to gain access to networks. Ensure everyone on your team knows to use strong passwords, avoid downloading unexpected attachments, and avoid clicking email links without first verifying the sender. Encourage employees to spot and report suspicious emails with typos, mismatched URLs or odd addresses, and to notify your IT team about email or access requests that don't seem legitimate. 

Customers and supply chains count on your company to produce the necessary goods. Ensuring secure networks and systems is vital as part of a larger ecosystem. When your organization builds cybersecurity resilience and makes it harder for cyberthreats to take down your business, the future of commerce is stronger for everyone. 


Art Ocain, CISM, MCSE, VCP, CCNA, is Airiam's VP of Service Delivery.