Think manufacturing plants are unlikely to be prime targets for hackers and cyber-criminals, given the plenitude of other marks they have to choose from?
You couldn’t be more wrong. Recent research from Verizon suggests they’re under siege and uniquely vulnerable, courtesy of a prevalence of outdated technologies that can provide an easy ‘in’ for illicit operators seeking to infiltrate corporate networks via the back door.
The Australian manufacturing sector generates revenue of $388.4 billion and employs more than 800,000 people across a range of industries, including food, chemicals, pulp and paper, machinery and equipment, and furniture, according to IBISWorld.
While some sectors, such as healthcare, face their greatest cyber-security threat from within, Verizon’s 2018 Data Breach Investigations Report suggests the reverse is true in the manufacturing arena. Some 89 per cent of all attacks globally were perpetrated by outsiders, it found.
Counting the cost
Successful infiltrations can cost companies dear. According to the Australian Criminal Intelligence Commission, cyber-crime comes with an annual bill to business of $1 billion, in direct costs alone. Indirect costs, such as damage to identity and reputation and loss of business, are more difficult to quantify.
A study by Frost and Sullivan, commissioned by Microsoft in 2018, put the figures much higher. Their research suggests the potential direct economic loss for Australian businesses as a result of cyber-security incidents could hit $29 billion a year, when revenue losses, reduced profitability, fines, lawsuits and remediation activities are added to the tab.
Hacker in the house
While vulnerabilities associated with new technologies, such as the Internet of Things, preoccupy the cyber-security sector and hog the column inches, many manufacturers have been slow to mitigate some of their longer-standing points of weakness.
Here are a few old-fashioned entry points hackers and cyber-criminals can utilise to access the network and cause havoc, in the head office and on the factory floor.
Beam me in: the video conferencing system
Boardroom video conferencing systems are often inadequately secured by manufacturers. Those connected to public Wi-Fi networks can give ill-intentioned outsiders a prime opportunity to eavesdrop on the most confidential of corporate conversations. Private networks are a much safer alternative. If going online is unavoidable, a Virtual Private Network (VPN) and additional authentication measures should be put in place.
Danger in the pipes: air conditioning and ventilation systems
Launching an assault on an organisation via its air conditioning system… it might sound like the plot of a Hollywood thriller, but it’s a very real threat for manufacturers that are running unsecured ventilation, heating and cooling systems connected to corporate networks.
Hackers will find it harder to identify an entry point if IoT devices and sensors associated with these systems are tested and assigned unique passwords before installation. Web-based management systems should be patched regularly and protected by current-version cyber-security programs.
An unprotected pathway into the enterprise: printers
Unsecured printers can represent another easy entry point to the entire enterprise, if they’re connected to the internet. Simple ‘hygiene’ practices which we’ve seen neglected on many a factory floor include changing manufacturer passwords at the time of installation, installing software patches promptly and ensuring internet connections are secure.
Removing and destroying hard drives when printers are pensioned off can ensure sensitive corporate information isn’t resurrected from the scrap heap.
Send yourself a copy of that confidential memo: fax machines
Think fax machines went the way of the dodo at least a decade ago? Someone forgot to tell the manufacturing sector. While email, instant messaging and SMS are the most common modes of communication in the average Australian enterprise, almost two-thirds of companies still use physical fax machines, according to 2017 research.
Unless adequately secured, they’re at risk from hackers who can use them to reroute documents to their own email addresses. Changing manufacturer passwords and disabling remote access capability lessens the risk of this occurring.
Lock the doors: door access systems and cameras
They’re designed to keep the plant safe physically, but surveillance cameras and door access systems can also be subject to compromise. Assessing the vulnerability of these systems and implementing rigorous controls should be part of the remit for the cyber-security team.
Time to act
In 2019, no Australian enterprise is immune to the danger posed by hackers and cyber-criminals. Addressing the most obvious entry points may not be sufficient defence for manufacturers whose operations feature an array of older technology. A holistic audit of operations may be necessary to identify and mitigate the security risks posed by aging equipment and systems.