The Critical Role of Cyber Security in Manufacturing

Nearly a quarter of global cyber attacks against industries targeted manufacturing in 2022.

It’s easy to see why manufacturers are such an attractive target for hackers. The manufacturing industry is a rich source of valuable intellectual property, sensitive customer data, and critical operational information.

Cyber criminals have plenty of entry points to attack unprepared manufacturers, from unsecured IoT devices to poorly set-up supply chains.

Successful cyber attacks have far-reaching consequences. Of the half of UK manufacturers who suffered an attack, 22% said it cost between £5000-£25,000 to rectify. Businesses that are breached also face production disruptions, compromised product quality, reputational damage and potential regulatory non-compliance.

Robust cyber security measures are therefore vital for protecting manufacturers. We’ve explored the critical role cyber security plays in protecting manufacturing operations in an increasingly complex and threat-filled digital landscape.

Increased connectivity requires increased cyber security

The IoT, machine learning and AI mean that manufacturers are incorporating more technology into their operations. Digital innovation enables the creation of goods on a scale never seen before, while improving both safety for workers and cost-efficiency for the business.

However, this increased reliance on interconnected systems and data-driven technologies has made the industry more vulnerable to cyber threats. The threat of attack means that 1 in 8 UK manufacturers are deterred from digital adoption.

Ransomware attacks, data breaches, intellectual property theft, and supply chain vulnerabilities all pose serious threats to businesses.

It’s reassuring that some manufacturers are taking these threats seriously. 61% now have a board director dedicated to cyber security. 91% believe they have the correct knowledge to assess their cyber risk.

Unfortunately, 44% of UK manufacturers still don’t offer cyber security training for employees. 47% don’t have a plan or process in place to deal with an attack.

Cyber criminals are becoming more dangerous and will happily take advantage of vulnerabilities within networks or along manufacturing supply chains. Up to 40% of attacks now occur indirectly through the supply chain.

Cyber security plays a crucial role for both manufacturers and their partners and suppliers. Even if one business has robust measures and processes in place, weaknesses or lax attitudes in partner networks can have devastating knock-on effects when vulnerabilities are exploited.

While better technology and greater connectivity offer more opportunities for manufacturers, there are risks. Cyber security needs to be incorporated into wider business strategy so that new technology and partnerships are evaluated proactively for any risks and vulnerabilities.

The consequences of a breach

The average cost of a data breach in 2022 was $4.35 million.

Costs after a breach can rapidly spiral. Beyond the initial incident response and investigation, manufacturers may face extended periods of downtime as systems or equipment are repaired. The disruption downtime causes can result in lost productivity, delayed production schedules, and missed deadlines. Customers who lose faith in the business may take their custom elsewhere.

Manufacturers also have regulations they are required to follow. All businesses operating in the EU and UK must comply with the General Data Protection Regulation (GDPR), the strictest data protection law in the world. Breaches of GDPR lead to heavy fines, as companies like Amazon (£636 million fine) and Meta (£346 million fine) have discovered.

Since the 28th of January 2022, more than €1.64 billion in fines have been handed out by European data protection agencies.

Many businesses have fallen foul of GDPR after they’ve suffered a cyber attack. The UK’s Information Commissioner’s Office (ICO) served construction company Interserve with a £4.4 million fine after failures to adhere to GDPR measures led to a breach that affected the data of up to 113,000 staff.

Fines are a black mark against a business at a time when people have become more aware of how their data is used online. Cyber criminals can use email addresses to launch spam, while information like postcodes and dates of birth can be used to breach accounts.

While no cyber security system will completely protect a company’s infrastructure, implementing robust measures will ensure that regulations are followed and that potential damage is mitigated. Hackers look for easy ways into networks – a strong cyber security strategy closes off many of the vulnerabilities they target.

Where does cyber security help?

‘Cyber security’ refers to more than firewalls and anti-virus that protect data. A good cyber security strategy combines robust technological defences, comprehensive employee training, proactive threat intelligence, and regular security assessments to create a strong and resilient defence against evolving cyber threats.

Below are 4 areas that cyber security plays a critical role in protecting:

Intellectual property

Manufacturers rely on proprietary technology, processes, and designs to maintain a competitive edge. A cyber attack can compromise this intellectual property, leading to significant financial and reputational damage.

Nvidia, one of the largest chip manufacturers in the world, suffered a massive data breach in 2022. Emails for around 71,000 employee accounts were exposed as part of around 1TB of information stolen by the hacking group LAPSU$.

Most worryingly, the stolen data contained proprietary information, including details for upcoming graphics cards. Nvidia’s cards are amongst the most advanced on the market, designed with and powered by the intellectual property that had now fallen into the hands of criminals.

If the data was leaked, it would damage Nvidia’s competitiveness in the graphics card market. While their main competitors likely wouldn’t use the data (lawsuits would almost certainly follow), smaller manufacturers may take the risk to create more powerful cards.

Nvidia likely already had industry-leading cyber security measures in place to protect against attacks, but the hack highlights how cyber security is a constantly evolving field. Manufacturers need to remain vigilant against new methods of penetration and update their policies accordingly.

Business continuity

Industries like manufacturing rely on uptime to maximise production and meet deadlines. Cyber attacks threaten the tight schedules that manufacturers operate in by taking equipment offline, locking systems and encrypting data.

Any disruption can lead to production downtime, delays, and even shutdowns. This can result in significant financial losses and damage customer relationships.

Ransomware attacks, for instance, can lock critical systems and data and effectively paralyse a manufacturer. The subsequent loss of productivity, coupled with potential reputational damage, can have far-reaching consequences for both current operations and future growth.

JBS discovered this when it suffered a ransomware attack in 2021. The largest meat processing company in the world, the attack disrupted plants in the USA, Canada and Australia and rendered all US-based beef processing plants temporarily inoperable. Disruption spread beyond the plants, as the US Department of Agriculture couldn’t offer wholesale prices for beef and pork.

The attack was resolved when JBS paid an $11 million ransom to regain control of its systems. While JBS doesn’t operate in the manufacturing industry, there is still plenty that manufacturers can learn, in particular, the far-reaching disruption cyber attacks cause to critical infrastructure.

Equipment

As digital transformation sweeps through the manufacturing sector, machines are increasingly operated with software and monitored with IoT devices. Greater automation of critical processes streamlines operations, increases safety for workers, and can improve the longevity of equipment.

Cyber security plays an important role in keeping these systems, and by extension the equipment, safe.

In 2014, a spear phishing campaign gave hackers access to the control systems of a German steel mill. The attack forced an unscheduled shutdown and caused damage to a blast furnace.

While direct damage to equipment due to a cyber attack is rare, any repairs and associated downtime are costly. Spear phishing attacks rely on targets clicking malicious links or downloading malware; regular training helps staff spot phishing emails to prevent potentially devastating attacks.

Supply chains

Supply chains are critical components of the manufacturing industry. However, the interconnected nature of these supply chains also creates security vulnerabilities.

Cyber security helps manufacturers share information securely with partners and suppliers. If every business along the supply chain has a robust cyber security strategy in place, it’s easier to isolate attacks and prevent a ripple effect impacting other businesses.

Vulnerabilities come in many forms, including third-party software. For instance, vulnerabilities in certain Atlassian apps meant that hackers could effectively take over accounts and plant ‘backdoors’ for use in future attacks. Check Point carried out a full investigation, uncovering issues that may have affected Atlassian’s more than 200,000 customers.

Protecting against this requires manufacturers to both look at their own systems and vet potential partners. This includes establishing clear communication channels with partners and suppliers, conducting regular training and drills, and developing backup plans to isolate incidents and minimise disruptions to the supply chain.

Robust cyber security in manufacturing will drive success in the industry

Data breaches in the manufacturing industry can have far-reaching effects on a business’s financial health, legal compliance, and reputation.

The financial impact includes direct costs, loss of productivity, and potential revenue decline. Legal and regulatory consequences can result in significant fines and legal actions, while damage to reputation can lead to decreased customer trust and missed business opportunities.

Cyber security must become a priority for every business. By implementing robust policies and measures, manufacturers can safeguard their operations and protect their long-term success in an increasingly interconnected and vulnerable digital landscape.