Don’t learn about manufacturing cybersecurity the hard way

If you haven’t performed a cybersecurity risk assessment at your facility, it’s time for one.

Computers are ubiquitous. They simplify our lives and connect us, but they also leave us vulnerable.

The world’s first reprogrammable computer, dubbed ENIAC for Electronic Numerical Integrator And Computer, was invented by J. Presper Eckert and John Mauchly at the University of Pennsylvania in 1943. It took three years to build, occupied more space than my house (about 1,500 sq. ft.), weighed the same as an adult grey whale (nearly 30 tons), and used about 18,000 vacuum tubes.

It was the most complex electronic system ever built at the time, using 70,000 resistors, 10,000 capacitors, 6,000 switches, and 1,500 relays. It also was hacker-proof, but only because it predated the invention of the internet.

On the other hand, today’s computer systems, and the interconnectivity that makes them indispensable to modern businesses, are vulnerable to many forms of cyberattack. These can involve the theft of intellectual property (IP), ransomware, and the installation of viruses.

IBM’s recent “X-Force Threat Intelligence Index” reported that attacks on industrial and manufacturing facilities have increased by more than 2,000 per cent since 2018. Not 10 per cent. Not 100 per cent. But a staggering 2,000 per cent. Manufacturing now trails only finance and insurance in cyberattacks.

Production shutdowns caused by these attacks are costly. Loss of IP can be crippling.

According to the X-Force report, the top three attack types deployed against manufacturers are ransomware, data theft, and illegal server access.

1. Ransomware.

A ransomware attack locks users out of their computer systems and only allows access once a fee has been paid. It’s commonly installed through a deceptive link in an email and often requires payment in cryptocurrency.

2. Data theft.

This is the easiest-to-understand attack type. It quite simply is the removal of data from a computer system and often is perpetrated by someone on the inside of the company, either maliciously or through negligence.

3. Server access attack.

A server access attack directly targets a company’s server and allows access through stolen passwords or by exploiting a vulnerability in the system. These attacks breach the applications on the server itself, differing from client-side attacks, which target the software on desktops.

“Manufacturers are increasingly being targeted not just by traditional malicious actors such as hackers and cybercriminals, but by competing companies and nations engaged in corporate espionage. Motivations range from money and revenge to competitive advantage and strategic disruption,” stated Deloitte’s “Global Cyber Executive Briefing” report.

If IBM and Deloitte are writing reports about it, it’s a real threat. If you haven’t performed a cybersecurity risk assessment at your facility, it’s time for one.