Managing Director
- FMA
- The Fabricator
- FABTECH
- Canadian Metalworking
Categories
- Additive Manufacturing
- Aluminum Welding
- Arc Welding
- Assembly and Joining
- Automation and Robotics
- Bending and Forming
- Consumables
- Cutting and Weld Prep
- Electric Vehicles
- En Español
- Finishing
- Hydroforming
- Laser Cutting
- Laser Welding
- Machining
- Manufacturing Software
- Materials Handling
- Metals/Materials
- Oxyfuel Cutting
- Plasma Cutting
- Power Tools
- Punching and Other Holemaking
- Roll Forming
- Safety
- Sawing
- Shearing
- Shop Management
- Testing and Measuring
- Tube and Pipe Fabrication
- Tube and Pipe Production
- Waterjet Cutting
Industry Directory
Webcasts
Podcasts
FAB 40
Advertise
Subscribe
Account Login
Search
How manufacturers can prevent becoming cybersecurity targets
The weakest link can bring down an entire manufacturing supply chain
- By Trey Stokes
- January 6, 2022
- Article
- Shop Management
Manufacturing companies were far down the list of the most targeted sectors for cyberattacks as recently as 2018, but this changed rapidly. By 2019 manufacturing had moved up to the eighth most targeted sector and in 2021 it moved into second place (behind finance). It is clear that, unlike other industries, the manufacturing sector is learning cybersecurity the hard way!
While hackers may lock down your system, halt production, and demand a ransom, it can get worse. They also can compromise a company's intellectual property, patents, and financial information. Worse still, they might breach a system and do nothing at all. That’s because bad actors know that there’s always a bigger fish to fry at the end of the supply chain. A defenseless supplier can provide relatively easy access to a more valuable target company.
Vulnerabilities and Risks
The challenges faced by the manufacturing sector are unique compared to other industries. Every manufacturing company is heavily dependent on a vast network of partners, vendors, suppliers, investors, third-party logistics companies, and distributors or buyers. A big network with many connections represents a big number of vulnerabilities. The dependencies among the members of the network are vulnerable pathways. The small companies—like metal fabricators—often have little visibility.
A vendor, supplier, or distributor that has been infected by malware can unknowingly compromise another company up the supply chain simply by sending an invoice, a schematic, or a specification. Any attachment sent can lead to a breach, and if credentials are stolen, hackers can even pose as you or as someone you trust. The SolarWinds attack and JBS ransomware attack are examples of the devastating results.
You are no longer responsible only for your own cybersecurity but also the cybersecurity of your clients. The liability and reputational damage caused by a breach have the potential to ruin a small company.
Common Attack Vectors
Cybercriminals can use any of several pathways to gain access to network:
- Cybercriminals impersonate a target’s vendor using the vendor’s credentials and demand a ransom from the target.
- A cybercriminal may infect a supplier with dormant ransomware that does not activate until it reaches its intended target. The ransomware has a setting that keeps it dormant and essentially undetectable until it reaches the target. Colonial Pipeline was crippled by this sort of attack.
- Vendors use several Industrial IoT devices that have default passwords that can be compromised. If such a device—or any electronic equipment that has been compromised—is shipped to a recipient and installed, it can lead to infection of an entire business.
- Most of the OEM security updates are pushed through the vendor networks via over-the-air communications. Hence, vendors usually have administrative privileges to install these updates. A cybercriminal can either exploit this opportunity to push a malicious code into victim’s system along with the actual update or orchestrate a completely fake update and push it out to millions of such devices at once. This last method was used in the infamous Kaseya ransomware attack that occurred during last year's Thanksgiving weekend.
Prepare, Prevent, Respond
It is about time for manufacturing organizations to realize that cybersecurity is a specialist's job. The IT team, regular IT vendor, or managed services provider usually don’t have the specialized background needed to detect, prevent, and combat cyber threats.
Specially trained cybersecurity teams or managed security services providers both own and are trained to use tools such as managed detection and response, user behavior analytics, and process behavior analytics. These tools are dedicated to tracking machine behavior to detect irregularities in networks, devices, and communications. For example, unauthorized access to memory racks and data being copied or transferred is noticed and flagged. If this behavior continues beyond predetermined limits, such tools can cut off these actions.
Manufacturers also must craft a thorough incident response plan and appoint a team to implement the plan. Research shows that organizations with well-thought-out plans and trained teams bounce back to normal more easily and endure less damage.
Cyber Insurance
Some manufacturers may opt for cyber insurance, thinking that will be a solution on its own. However, this doesn’t alleviate a manufacturer of responsibility. Insurers often conduct comprehensive audits to evaluate their potential clients’ risk management practices and exposures, and the audits are becoming increasingly stringent. Manufacturers that are better prepared before an audit tend to get policies with lower premiums and deductibles.
About the Author
About the Publication
Related Companies
subscribe now
The Tube and Pipe Journal became the first magazine dedicated to serving the metal tube and pipe industry in 1990. Today, it remains the only North American publication devoted to this industry, and it has become the most trusted source of information for tube and pipe professionals.
start your free subscription- Stay connected from anywhere
Easily access valuable industry resources now with full access to the digital edition of The Fabricator.
Easily access valuable industry resources now with full access to the digital edition of The Welder.
Easily access valuable industry resources now with full access to the digital edition of The Tube and Pipe Journal.
Easily access valuable industry resources now with full access to the digital edition of The Fabricator en Español.
- Podcasting
- Podcast:
- The Fabricator Podcast
- Published:
- 04/16/2024
- Running Time:
- 63:29
In this episode of The Fabricator Podcast, Caleb Chamberlain, co-founder and CEO of OSH Cut, discusses his company’s...
- Trending Articles
Zekelman Industries to invest $120 million in Arkansas expansion
3D laser tube cutting system available in 3, 4, or 5 kW
Corrosion-inhibiting coating can be peeled off after use
Brushless copper tubing cutter adjusts to ODs up to 2-1/8 in.
HGG Profiling Equipment names area sales manager
- Industry Events
16th Annual Safety Conference
- April 30 - May 1, 2024
- Elgin,
Pipe and Tube Conference
- May 21 - 22, 2024
- Omaha, NE
World-Class Roll Forming Workshop
- June 5 - 6, 2024
- Louisville, KY
Advanced Laser Application Workshop
- June 25 - 27, 2024
- Novi, MI