Cybersecurity risk in manufacturing: The risk is real and increasing

Manufacturers need to boost their cybersecurity

Apr 23, 2019
Manufacturing Cybersecurity consulting

Manufacturing companies often think they’re immune to cyberattacks. Many times, when a cyberattack makes it into the headlines, it usually is a massive breach involving a credit card company or Social Security numbers. But, this type of data is losing its value. Hackers are now looking for the next big opportunity and what they’re moving into is very relevant to the manufacturing industry.

RSM’s national manufacturing leader, Steve Menaker, recently sat down with national security and privacy leader Daimon Geopfert to discuss how cybersecurity risks are increasing in manufacturing and how companies can mitigate these risks.

Steve Menaker: Many manufacturers feel they are above the fray. They don’t sell products online, they don’t have lots of credit card or personal information so that means they’re in the clear and these cybersecurity issues don’t apply to them. Is that true?

Daimon Geopfert: Out of the tens of thousands of incidents that happen each year, data is still a big focus. But while retail, health care and financial companies are still targets for underground hackers, data from those types of organizations is losing its value. So hackers are looking for the next big thing; they are starting to focus on interruption of operations, holding people for ransom and direct theft of accounts. Before, manufacturing felt like it was not the key demographic from which hackers got data, but now when you talk about interruption of operations, manufacturing becomes much more in the crosshairs. Manufacturers don’t have any more or less risk than other industries, they just have their own unique set of risks. At RSM, we classify them as the “big three” risks in manufacturing:

1. Intellectual property theft: If a hacker can get in and steal one-of-a-kind intellectual property, because it’s unique, hackers can sell the information for a premium in the underground space and there’s always a buyer somewhere.

2. Interruption of operations: When hackers used to look for credit card numbers, if they couldn’t find any, they would leave because there was nothing to resell. But now with ransomware, if they can break in and lock up the environment, they can extract payment directly from the victim to unlock the systems. It has made the hacker’s market larger because they don’t have to find something to resell, but something to interrupt that’s very important to their victims.

3. Direct theft of funds: This is where you see a social engineering e-mail saying, “Hey, this is vendor x, here’s our new bank account information; please re-route all payments here” or you see the hackers trying to social engineer your credentials to log into your bank accounts so they can directly steal the money.

SM: What does recent research tell us about cybersecurity and cyberattacks?

DG: We do two major studies at RSM, the Middle Market Business Index and the Net Diligence® Cyber Claims Study. The main takeaway is that many companies think they’re not large enough for a cyberattack. But in reality the moment you think you’re too small to be a target, you become the key demographic. Most large companies have been so heavily regulated for so long, they’ve invested heavily in security so attacking them is too burdensome of a process for hackers. If you go to the very low end of the market, it’s easy to break into those companies, but the payday doesn’t justify the time. The attackers are going straight to the middle market. In fact, 85 percent of the breaches occur in organizations under $2 billion in size, but 70 percent are in organizations less than $300 million in revenue. The middle market is the key demographic at the moment.

SM: How does a company get started in assessing its cybersecurity risks?

DG: Any step to get going is the best thing a company can do. An assessment where someone is coming and evaluating what your organization looks like versus what it should looked like is usually a week or two of effort depending on how technical you want to go. But in reality, the major cost is not the assessment, it’s the remediation. If someone comes in and says you have these issues that are causing enormous risk in the organization, fixing them is going to be the big ticket item.

What you’re looking for is making sure you’re bringing in someone that understands your industry and your size. You want someone that can be very pragmatic and give you quick-hit ways that you can take off big chunks of risk, while being cost effective in the process.

SM: As companies think about industry 4.0, technology is a big part of it. Any summary on how you see the risks in the manufacturing space today?

DG: Hackers are smarter than people give them credit for. They are very economically driven and make rational decisions for who they’re going to target. As organizations are going through complete digital transformations in their environment, hackers are following that. Don’t think that by shifting stuff around in your environment that you’re greatly reducing your risk. What you’re doing is just changing the nature of the risk. You’re not making the pie smaller, but rearranging the pieces.

With ransom and interruption of operations being the biggest attacks in the world right now, manufacturing is much more of the key target than retail or finance. So if you change the mindset from data theft to extraction of payment, manufacturers will realize they are the key demographic at the moment.

Related insights

Subscribe to Risk Bulletin

Our cybersecurity, risk and fraud professionals provide regular insights and regulatory compliance updates to help your organization manage risk.