Focus on factories – is it time for Australian manufacturers to ramp up their defences against hackers and cyber-criminals?

by Mark Sinclair, ANZ Country Manager, WatchGuard Technologies


Think manufacturing plants are unlikely to be prime targets for hackers and cyber-criminals, given the plenitude of other marks they have to choose from?

You couldn’t be more wrong. Recent research from Verizon suggests they’re under siege and uniquely vulnerable, courtesy of a prevalence of outdated technologies that can provide an easy ‘in’ for illicit operators seeking to infiltrate corporate networks via the back door.

The Australian manufacturing sector generates revenue of $388.4 billion and employs more than 800,000 people across a range of industries, including food, chemicals, pulp and paper, machinery and equipment, and furniture, according to IBISWorld.

While some sectors, such as healthcare, face their greatest cyber-security threat from within, Verizon’s 2018 Data Breach Investigations Report suggests the reverse is true in the manufacturing arena. Some 89 per cent of all attacks globally were perpetrated by outsiders, it found.

Counting the cost

Successful infiltrations can cost companies dear. According to the Australian Criminal Intelligence Commission, cyber-crime comes with an annual bill to business of $1 billion, in direct costs alone. Indirect costs, such as damage to identity and reputation and loss of business, are more difficult to quantify.

A study by Frost and Sullivan, commissioned by Microsoft in 2018, put the figures much higher. Their research suggests the potential direct economic loss for Australian businesses as a result of cyber-security incidents could hit $29 billion a year, when revenue losses, reduced profitability, fines, lawsuits and remediation activities are added to the tab.

Hacker in the house

While vulnerabilities associated with new technologies, such as the Internet of Things, preoccupy the cyber-security sector and hog the column inches, many manufacturers have been slow to mitigate some of their longer standing points of weakness.

Here are a few old-fashioned entry points hackers and cyber-criminals can utilise to access the network and cause havoc, in the head office and on the factory floor.

Beam me in: the video conferencing system

Boardroom video conferencing systems are often inadequately secured by manufacturers. Hacking those which are connected to public Wi-Fi networks can provide ill-intentioned outsiders with a prime opportunity to eavesdrop on the most confidential of corporate conversations. Private networks are a much safer alternative. If going online is unavoidable, a Virtual Private Network (VPN) and additional authentication measures should be put in place.

Danger in the pipes: air conditioning and ventilation systems

Launching an assault on an organisation via its air conditioning system…it might sound like the plot of a Hollywood thriller but it’s a very real threat for manufacturers which are running unsecured ventilation, heating and cooling systems that are connected to corporate networks.

Hackers will find it harder to identify an entry point if IoT devices and sensors associated with these systems are tested and assigned unique passwords before installation. Web-based management systems should be patched regularly and protected by current-version cyber-security programs.

An unprotected pathway into the enterprise: printers

Unsecured printers can represent another easy entry point to the entire enterprise, if they’re connected to the internet. Simple ‘hygiene’ practices which we’ve seen neglected on many a factory floor include changing manufacturer passwords at the time of installation, installing software patches promptly and ensuring internet connections are secure.

Removing and destroying hard drives when printers are pensioned off can ensure sensitive corporate information isn’t resurrected from the scrap heap.

Send yourself a copy of that confidential memo: fax machines

Think fax machines went the way of the dodo at least a decade ago? Someone forgot to tell the manufacturing sector. While email, instant messaging and SMS are the most common modes of communication in the average Australian enterprise, almost two-thirds of companies still use physical fax machines, according to 2017 research.

Unless adequately secured, they’re at risk from hackers who can use them to reroute documents to their own email addresses. Changing manufacturer passwords and disabling remote access capability lessens the risk of this occurring.

Lock the doors: door access systems and cameras

They’re designed to keep the plant safe physically but surveillance cameras and door access systems can also be subject to compromise. Assessing the vulnerability of these systems and implementing rigorous controls should be part of the remit for the cyber-security team.

Time to act

In 2019, no Australian enterprise is immune to the danger posed by hackers and cyber-criminals. Addressing the most obvious entry points may not be sufficient defence for manufacturers whose operations feature an array of older technology. A holistic audit of operations may be necessary to identify and mitigate the security risks posed by aging equipment and systems.
