Cybersecurity in manufacturing—key considerations to keep your company safe

Cybersecurity is a recurrent theme in today’s news. Each month, 9,000 news stories in Australia cover cybersecurity as a topic. Governments advise businesses and individuals to increase their security measures and be vigilant with their online data. The cases of cybersecurity infractions are increasing, and the ramifications of data breaches are costly—both in terms of financial cost and also the cost to reputation with customers and business partners.

The manufacturing industry is not immune to cybersecurity attacks. A recent report from KPMG predicted a 15 percent year-on-year increase in ransomware threats over the 5-year period from Oct 2023, when the report was released. Ransomware is software that infiltrates a network and corrupts data, and cybercriminals only rectify this when a ransom is paid. Manufacturing is on the target list of cyber criminals using ransomware.

ECI Vice President of Manufacturing in APAC, Andrew Mamonitis, has more than 15 years' experience working within the cyber security industry. Andrew’s experience included being the Managing Director for a global internet security vendor (APAC), General Manager for a software distributor focusing on cyber security solutions (APAC), and General Manager for a global back up and disaster recovery vendor (APAC).

He explains that small to medium-sized manufacturers are targets because of the return on investment (ROI) for the cyber criminals within this sector.

“The cybercrime industry is extremely lucrative for organised crime syndicates and is projected to hit $9.5 USD trillion in 2024,” Andrew said.

“Like any business, the cybercriminals are motivated by ROI and in cybercrime that is largely dependent on maximising the window of opportunity when attacks are considered a zero-day exploit—causing damage exploiting a cyber vulnerability.

“For this reason, manufacturing is the number one ranked industry impacted by cybercrime globally with 25 percent of all attacks in manufacturing,” he said.

Cybersecurity attack prevention

While there is no silver bullet when it comes to cyber attack prevention, Andrew, in his vast experience, recommends a layered approach as most effective when it comes to deterring attacks.

“Quite often, this involves deploying varying technologies within the organisation and having dedicated IT resources in place to monitor and mitigate for disaster recovery,” Andrew said.

He warns small to medium-sized business (SMB) owners against a head-in-the sand approach.

“Many SMBs mistakenly believe they are too small or not relevant enough for a cyber attack when the fact is, and the data shows, that the truth is actually the opposite,” Andrew said.

“I get it—many SMBs are focused on their core role—the role of their business and their speciality. This means they are focused on growing their business and being experts in their dedicated field.

“Quite often, these SMBs don’t have robust security measures in place and they don’t have dedicated security experts managing their IT infrastructure or appropriately secure manufacturing software.

“They are commonly targeted as a result of them being easier to penetrate because of their lack of cybersecurity compared to larger businesses.

“The other consideration that SMBs may not be aware of, is that the reason they are often targets is because they are a gateway to larger businesses. There are many public examples of suppliers of large, high profile enterprises being used as an entry point for cybercrime,” he said.

Threat landscape

All businesses should consider their risk profile in the contemporary business world. Understanding and mitigating manufacturing’s threat landscape is critical to ensuring business success.

Cybersecurity threats, as well as ransomware breaches, could also encompass supply chain interruptions, intellectual property theft, disruptions to operations, and reputational damage. All of these threats could result, if realised, in downtime, loss, and damage to the manufacturers’ relationship with their customers and to their reputation.

Supply chain considerations

With manufacturers likely to receive raw products from multiple suppliers and then deliver their product to multiple markets, supply chain integrity and security are key for a profitable business. Achieving this in an environment where cyber threats are an increasing concern requires diligence and cybercrime awareness.

“It’s imperative that SMBs understand the importance of cybersecurity to their business and that they engage experts to keep them safe and having secure supply chain management is part of this,” Andrew said.

“More than 60 percent of Australian SMBs don’t survive a cyber attack or a data breach and those that survive need to deal with ramifications such as mandatory government reporting for data breaches, director responsibility for cyber security, reputational damage and business costs.”

KPMG report on cyber defence

The KPMG report noticed that cyber defence in manufacturing was becoming harder because it involved software ‘patches’ and patching is difficult on aged machinery or requires operational downtime for the machines.

The report also mentioned that increased implementation of IoT, automation and AI, while enhancing data visibility and work productivity, could also increase manufacturers’ vulnerability to cybersecurity, if not implemented well and with appropriate safeguards.

The interconnected systems and technologies that on the one hand drive efficiency, streamline operations and drive innovation, could also help or hinder cybersecurity for manufacturers, depending on how these systems were established and secured.

The KPMG report overviewed the costs associated with cyber breaches, including a disruption to operations, a need for costly investigations to determine the source of the breach, being subject to regulatory action, increased communication with customers during the cyber breach period, and, potentially, payouts for customers if data was not appropriately stored and protected. The report also acknowledged the cost of reputational damage in any instance of a cyber breach.

Andrew agrees with the report's findings.

How to stay cybersafe in 2024

Andrew points to some key ways manufacturers can stay cybersafe, recommending manufacturers move to the cloud with trusted vendors, such as ECI, using enterprise resource planning (ERP) like M1 and a Warehouse Management System (WMS) mobile app to assist with stock management and be used as data analysis software.

“By doing so, you mitigate risk, reduce costs, have accurate real-time data, and are provided with a multi-layered security approach.

“SMB manufacturers can then outsource their worry and focus on their core strengths—growing their business,” Andrew said.

How a cloud-based solution mitigates cybersecurity risk

Cloud-based solutions are key to mitigating cybersecurity risk for one very good reason, according to Andrew.

“A cloud-based solution removes the responsibility of managing security on the premises to a state-of-the-art data centre in Australia that provides a secure environment, including: policies and procedures, asset management, access management, cryptography, physical security, operations security, communications security, business continuity, people security, product security, network security, security compliance, third-party security, vulnerability management, security monitoring and incident response,” Andrew said.

Andrew calls for all manufacturers to prioritise cybersecurity to protect their sensitive data, intellectual property, and operational continuity.

Learning from experience

Andrew recounts a typical breach that should make manufacturers pay attention.

“A typical breach that comes to mind that is particularly relevant to our market segment was a breach in the US for the high-profile retail chain, Target,” Andrew said.

“Millions of payment card numbers were stolen in the breach. The hackers were able to circumvent Target’s security measures by using a small air conditioning supplier as a gateway into their system. The supplier was an easy target with the bigger target in mind. The supplier inadvertently installed malware on their POS devices.

“This was an all too common example of SMB’s being targeted because they are easier to penetrate and are then used as a gateway to the larger target,” he said.

Mitigating cyber breaches with enhanced cybersecurity defences

Andrew refers customers to the Australian Signals Directorate white paper, which outlines risk mitigation strategies.

“There really is no single way to eliminate 100 percent of the risk. A multi-layered approach is recommended for deterring attacks,” Andrew stresses.

“A simplified strategy would encompass three main points:

1. Implement as many of the Australian Signals Directorate's recommendations as possible.
2. Outsource hosting and security management where possible.
3. Basic but most effective: creating strong company processes for cybersecurity best practices for staff and ensuring training is ongoing and front of mind.”

Regulations

Manufacturers already comply with many regulations, standards, and laws in conducting their business—those pertaining to cybersecurity also need to be complied with.

Manufacturers can demonstrate their cybersecurity credentials by showing their compliance to the relevant regulations, standards, and laws. By doing this, they can reassure their customers that data and privacy are a high priority and will be kept safe by the company.

Data protection and privacy, especially when it entails sensitive or financially exposed details, are crucial for any manufacturer.

Training for staff

Keeping staff abreast of the latest cybersecurity considerations will bolster manufacturers’ defences against cyber threats. Having staff that know about phishing emails and the importance of strong passwords can collectively defend cyber threats.

Prompt crisis response if a cyber threat eventuates

If the worst occurs, quickly detecting, identifying, responding to, and recovering from cyber threats will minimise the overall impact on a manufacturer.

Cybersecurity is set to become an increasing demand for manufacturers and keeping abreast of best practice defences and security considerations will be the key to diminished operational interruptions and therefore increased profits. Using reliable, cloud-based vendors to store your data, such as ECI’s M1 ERP will also minimise your cyber threat.