- External actors account for the majority of cyberattacks in the manufacturing industry (75%), but internal actors carry out 30% of attacks, according to Verizon's 2019 Data Breach Investigations Report.
- The motivation of attacks was financial in 68% of cases, espionage in 27% of cases with the remaining attacks labeled as either a grudge or fun.
- Attacks on manufacturing facilities resulted in compromised credentials in 49% of attacks and jeopardized internal data in 41% of attacks, the analysis found. A Deloitte survey found 40% of manufacturers had their operations affected by a cyber incident in the last year.
"With internal actors, the main problem is that they have already been granted access to your systems in order to do their jobs," Verizon wrote in its report. Access can result in privilege abuse, which is the unauthorized access of databases. And internal breaches are often much harder to detect than external threats.
Avoiding threats from internal actors could be a matter of training on good cyber hygiene, according to Sean Peasley, Deloitte partner and IoT security leader.
"The malicious [internal] actor is a threat as well, but I would say there's probably more potential impact because of just lack of knowledge, lack of caring by insiders," Peasley told Supply Chain Dive.
Proper network segmentation can also help to minimize the threat from internal actors by limiting access to applications or databases to specific employees. Segmentation keeps attackers on one part of the network if they do make it in, he said.
Manufacturing companies will also need to provide remote access to vendors who maintain floor equipment. A solution that requires vendors to log in and only monitor their equipment while allowing the company to audit vendor traffic would help, he said.
Finding weaknesses is the responsibility of formal programs within companies that set policy and review their current standing.
Regardless of where the threat comes from though, cyberattacks can leave operations struggling in their wake.
"It can shut down their operations. It can shut down the manufacturing process," Peasley said.
The manufacturing floor used to be "air locked," which means it wasn't connected to the outside world through the internet. Facilities are increasingly connected today due to the rise in IoT technology and companies' desire to use tools for applications including predictive maintenance and inventory tracking.
Companies can weigh the cost of a cyberattack against the benefit of modern technologies with a risk assessment, Peasley said. The average financial impact from an IoT-related cyber incident is $330,000, according to Deloitte.
"This is probably one of the top-three risks that companies need to look at," he said. "So they'll have to answer, by doing that risk assessment, if this is something that's worth it for us."
This story was first published in our weekly newsletter, Supply Chain Dive: Operations. Sign up here.