What is cybersecurity for manufacturing?

About cybersecurity for manufacturing

Cybersecurity for manufacturing is a toolset of technology solutions, human expertise, threat intelligence, and business best practices customized to the technology-heavy manufacturing industry, which is particularly vulnerable to compromises in IP and operational and supply chain data.

How does cybersecurity for manufacturing compare with other industries?

Manufacturing shares common vulnerabilities with other sectors, including confidential internal data, customer data, and intellectual property (IP). With fewer humans in the loop in manufacturing environments, the sector’s cybersecurity focus is a bit less on employee data and more on critical operational data, supply chain data, and corporate IP, which is particularly vulnerable to espionage in a business-to-business (B2B) context. The manufacturing supply chain—enhanced by just-in-time delivery systems that track and trace needed materials—presents significant risk. A failure in these systems can wreak havoc and create substantial delays in the production process and delivery times.

What are the main cybersecurity risks in manufacturing?

Over the past decade, manufacturing has experienced significant technological advancements, particularly in AI, big data, and the Internet of Things (IoT). These advances, coupled with increased automation, global communication networks, and innovations in 3D printing, are enabling the era of the smart factory. However, the sector's deep dependence on technology also makes it an attractive target for cybercriminals.

Manufacturers’ automated systems are prime targets for attackers who may not aim to shut down an entire production line but can disrupt processes by tampering with small elements. Such disturbances might not halt manufacturing entirely but can lead to reduced efficiency, delays, and defective products. Cybercriminals might allow these breaches to persist undetected for extended periods before revealing them to manufacturers.

What are the latest ransomware trends in manufacturing?

Nearly two-thirds (65%) of manufacturing and production companies reported being hit by ransomware during the past year in the Sophos-commissioned 2024 State of Ransomware in Manufacturing and Production report. This figure was a notable increase from 2023 (56%) and 2022 (55%) and reflected a 19-point increase since 2020 (46%).

Nearly all respondents (99%) in affected manufacturing organizations were able to pinpoint the root cause of ransomware attacks. Malicious emails emerged as the leading culprit, accounting for 29%, followed by exploited vulnerabilities, which were at the root of 27% of such attacks. These results represent a change from 2023, when compromised credentials were the predominant vehicle for launching a ransomware attack.

How much does cybercrime in manufacturing cost companies?

According to Sophos research, 55% of manufacturers faced cyberattacks in 2021, a rate lower than the cross-sector average of 66%. However, the average ransom payment among manufacturers, standing at $2 million, significantly exceeds the cross-industry average of $812,360. These figures don’t account for the potential earnings loss and reputational damage that ransomware attacks can create.

So while manufacturers might be targeted less frequently, the financial repercussions of a given attack tend to be considerably greater.

For instance, in June 2024, CDK Global, a major software provider to U.S. auto and equipment dealers, reportedly paid a $25 million ransom in cryptocurrency after a cyberattack temporarily shut down sales processing across the country. The attack highlighted vulnerabilities in critical supply chains and illustrated the persistent threat of ransomware to manufacturing business operations.

Not all cybercriminals are driven solely by financial gain; some are motivated by ideological goals, which can inflict profound damage, including inflated prices, without the option of ransom payments. An example is the Predatory Sparrow group, which targeted Iran’s Khouzestan Steel Company, halting its operations. The ripple effects of such attacks are international, affecting global supply chains and consequently increasing prices worldwide.

What are cybersecurity measures for manufacturing?

The myriad attacks on manufacturers globally underscore the critical need for enhanced cybersecurity measures. Investing in state-of-the-art infrastructure, cybersecurity technologies, and skills—whether internally or from a third party—is essential for manufacturers to mitigate the high costs and impacts of cyberthreats.

Manufacturers’ sophisticated adversaries are well-equipped with resources and tools that often surpass traditional defensive technologies. Malicious actors are increasingly using legitimate IT tools, exploiting stolen credentials, and leveraging unpatched vulnerabilities to bypass cybersecurity measures. By mimicking authorized users and exploiting organizational weaknesses, these actors often evade automatic detection systems.

Technology solutions alone are insufficient to thwart every cyberattack. The most effective method of detecting and neutralizing persistent cyberthreats involves constant monitoring—"24x7 eyes on glass"—conducted by skilled operators. These professionals use a diverse array of security alerts and real-time threat intelligence to preemptively identify and defuse threats before they can cause significant damage. However, the complexity of contemporary operating environments and the rapid evolution of cyberthreats render this practice challenging for most manufacturing and other organizations.

Certain manufacturing equipment, such as IoT sensors and devices, often lacks robust protection because it doesn’t have the requisite memory and compute power to support full-featured endpoint security software. Moreover, any time a manufacturing device connects with a network, there’s a risk of interception or infiltration. Network-centric cybersecurity systems, such as Sophos Network Detection and Response (NDR), monitor traffic from these devices in real time to detect suspicious and malicious activities. In the case of Sophos, security alerts are sent to Sophos NDR human analysts for immediate investigation and response, minimizing the risk of a security incident.

What solutions does Sophos offer for manufacturing organizations?

In addition to network security, mentioned above, Sophos makes a number of solutions available, including the customizable Managed Detection and Response (MDR) cybersecurity as a service (CSaaS) offering. MDR addresses each manufacturing entity’s unique security needs, existing investments, staff expertise, and IT infrastructure. Organizations can select their desired level of support, whether it’s merely being notified about threats so internal teams can address them, having Sophos contain threats on their behalf, or receiving comprehensive incident response and root cause analyses. Our security specialists collaborate closely with your organization to determine the most effective approach tailored to your specific requirements.

What are the capabilities of Sophos MDR and can it work in my existing security environment?

Sophos MDR has been designed to comprehensively address today’s cybersecurity landscape, where threats are multifaceted and can originate from various directions, with adversaries employing multiple tools, tactics, and procedures. Our cloud MDR offering enhances your defense by using Sophos technologies and experts alongside the third-party security tools already in your arsenal.

  • Endpoint telemetry identifies malicious activities and behaviors indicative of attacks
  • Firewall data detects intrusion attempts and signals transmissions to external servers
  • Network telemetry uncovers rogue assets, unprotected devices, and emerging threats
  • Email alerts pinpoint initial network breaches and detect efforts to access sensitive data
  • Identity data reveals attempts at unauthorized access and privilege escalation
  • Cloud alerts detect unauthorized network access and potential data theft attempts

By integrating these resources, Sophos MDR not only mitigates cyber risks but also maximizes the return on your security investments, fortifying your manufacturing environment against the evolving threat landscape.

 
