Cybercrime is reaching epidemic proportions. The “Official 2019 Annual Cybercrime Report,” based on research conducted by Cybersecurity Ventures predicts that cybercrime will cost companies across the world $6 trillion annually by 2021, increasing from $3 trillion in 2015. The biggest targets are public sector and professional services although in recent years, manufacturing is catching up quickly as can be seen in the Verizon Data Breach Investigation Report 2019 that detailed 352 incidents, 87 within manufacturers.
Damage to the bottom line
Several major incidents highlight the potential damage that manufacturers face from a targeted cyber-attack.
In early 2019, Norsk Hydro, one of the world’s largest producers of light-weight metals, was a victim of a cyber-attack that forced it to halt some production and switch to manual operation resulting in costs of $52 million.
In 2018, TSMC, one of the largest manufacturers in Taiwan, was hit by a cyber-attack that forced production disruption resulting in estimated losses of $170 million.
The multi-million-dollar impact is the result of downtime in manufacturing capacity which can afterwards extend with a ripple effect in insurance premiums, damage brand reputation, share price and consumer confidence resulting in elevated costs for many years after the event.
The reason for the growth in attacks against manufacturers stems from several factors:
- One clear trigger is the rise of Industry 4.0 adoption that is based on enhanced automation and the use of more software-centric and Internet-of-Things technologies across the production chain, which has led to a larger attack surface for cyber criminals to attempt to exploit.
- Widespread internet-based attacks such as ransomware and crypto-jacking affected, in some cases, leading industrial enterprises and highlighted the financial impact of business interruption – the most famous one being the Notpetya ransomware that, in 2017, crippled multinational companies including the world’s largest shipping conglomerate, Maersk, pharmaceutical giant, Merck, and French construction company, Saint-Gobain, resulting in more than $10 billion in total damages, according to a White House assessment.
- Attacks on industrial networks started several years ago focusing on critical infrastructure, such as Stuxnet in Iran, BlackEnergy in Ukraine and Triton in Saudi-Arabia. These cases have shown the cyber criminals how to attack such industrial networks and, combined with the evolution of automated tools to exploit new vulnerabilities, made the business-case for attacks on manufacturing facilities worthwhile.The increased vulnerabilities, the indication of the value of business interruption and the commoditization of the attack methods tools, made the industrial networks a prominent target and the first cases were soon to follow.
A better defence approach
However, manufacturers are fighting back and investing in security training of their staff, defining security processes for the industrial networks and deploying OT-specific security tools.
When it comes to manufacturer specific security technologies, innovators such as Radiflow have developed end-to-end security solutions designed specifically for the manufacturing sector.
Cyber Security designed for manufacturing
Developed by a team of professionals with diverse backgrounds including cyber-experts from elite military units and automation experts from global industrial vendors and operators, Radiflow was built exclusively for ICS/SCADA networks. The platform allows users to maintain visibility and control of their OT networks, including an Intelligent Threat Detection that passively monitors the OT network for anomalies as well as Secure Gateways that protect OT networks from any deviations from set access policies. These key features are enhanced by asset mapping, risk scoring, and anomaly detection to create a complete view of the operational environment.
For smaller manufacturers with difficulties staffing a dedicated in-house SOC, the Radiflow MSSP model has proven particularly popular and is used by several MSSPs across the world to help protect hundreds of sites.
Taking back control
The combination of elevated security processes, enhanced training and manufacturing industry specific security solutions is helping progressive organisations to reduce the risk of cyber-attack. This approach is also allowing breaches to be discovered more quickly while mitigating damage. There is still no “magic bullet” that will guarantee complete protection but the journey towards better security often starts with an ICS Security Assessment.
Conducted by Radiflow’s dedicated team of ICS/SCADA cyber-security experts, the assessment starts with Non-intrusive network traffic recording, with no interruption to ongoing production (OT) operations. This is used to create a clear, drill-down visualization of the OT network topology including all connected assets along with detection of all known vulnerabilities and analysis of the risks to the customer network with a prioritized risk-mitigation plan.