While 2020 was a banner year for attacks on healthcare and other industries, manufacturing also remained a top target and likely will remain one going into 2021.
Over the past year, we have seen many significant attacks on this sector. Some of the most notable incidents were ransomware attacks Mondalez, Renault-Nissan, and Norsk Hydro, all of which crippled operations for some time. Attackers also targeted multiple other manufacturers’ financial systems or intellectual property, including FACC, DuPont, and OXO International. These attacks cumulatively resulted in millions of dollars of impact to the affected companies.
Manufacturing presents a tempting target for attackers. By their nature, the environments rely on consistent availability to continue operations and have little downtime tolerance. According to the annual Verizon Data Breach Report, 73 percent of attackers are financially motivated, perhaps explaining the many ransomware instances against the sector.
On top of that, manufacturing environments are relatively unique compared to other industries, offering a complex blend of traditional IT and operational technology (OT). This may include laptops or mobile phones, as well as water pumps, sensors, and factory line equipment. Many of these OT networks are now converging with IT networks to realize the benefits of automation, drastically increasing the risk of attack or disruption.
These dynamics present a growing risk of attack to organizations, one that in some cases has already become a reality. According to a TrapX Security and Enterprise Strategy Group survey, around half of security leaders said their organization had suffered an attack on their OT environments in the last 12 to 24 months. Meanwhile, 53 percent said they felt their organization’s OT environment was vulnerable to attack in the future.
A growing risk surface
Manufacturing companies in 2020 were targeted by multiple ATP groups and ransomware operators, with ransomware accounting for nearly half of all attacks on the group. Ransomware has a particular impact on manufacturing, grinding factories, or critical equipment, bringing them to a halt until the ransom is paid or the system is restored.
Many of the attacks seen during the year were attributed to exploitation of perimeter vulnerabilities, as well as targeted phishing attacks. Other groups were cited using social engineering and other methods to orchestrate attacks.
Attacks of this type take time to recover from. According to the TrapX Security and ESG survey, 47 percent of security leaders said attacks caused significant downtime for critical systems, citing time frames between a week and a month.
Protecting critical assets
Many security leaders said they still need additional capabilities to identify or prevent attacks on their OT environments, including investments in visibility, understanding threat intelligence, and the ability to patch vulnerable OT assets effectively.
Preparing a manufacturing organization to defend against these types of attacks will take a concerted effort in 2021. However, these investments are critical as the threat landscape continues to accelerate against this crucial sector.