Cisco UK & Ireland Blog

4 Reasons Why Industrial Cyberattackers Are Targeting Your Factory

December 22, 2016

The UK is currently the 9th largest manufacturing nation, with industry not only generating 10% of GVA but 45% of exports, 14% of business investment and a whopping 68% of business research & development, according to EEF. So it’s no surprise to learn that our manufacturers represent a very attractive target for cyberattackers.

It might not actually make the world go round, but manufacturing certainly plays a hugely significant role in just about every aspect of everyday life, representing 14.73% of world GVA and generating £8.6m in global revenues, according to the World Bank. From food to life sciences to technology and the components that make up our national infrastructures, we’re reliant on the value chain to keep on delivering.

Manufacturing is now one of the top three industries targeted in cyberespionage, the second in percentage of spam in email and the third in spear-phishing (emails that appear genuine but are targeted at a particular organisation). Worryingly, the number of attacks on industrial supervisory control and data acquisition (SCADA) systems doubled from 2013 to 2014 as these antiquated systems were increasingly connected to corporate networks and the internet. Our infographic covers the threat in numbers.

But just who is targeting the UK’s factories, and why?

In the roll call of those with the means, the motivation and a proven track record of cyberattacks on manufacturers, global organised crime groups rub shoulders with state-sponsored corporate espionage groups and politically-motivated activists. And they’re fighting for supremacy with dishonest employees and former employees, who also have vested interest in illegally accessing networks and data.

To understand why manufacturers top the list of targets for cyberattacks, let’s take a look at what cyberattackers have to gain:

#1 – Valuable intellectual property and confidential data. Acquiring information such as product specifications, designs or formulae or customer order schedules can enable a catalogue of nefarious activity including counterfeiting of goods, interception and theft of physical goods and unfair competitive advantage in commercial negotiations such tenders. To put this into context, the UK Government has estimated £9.2 billion is lost to cyber theft of IP and £7.6 billion to cyber espionage each year.

#2 – Cold, hard cash. Downtime and disrupted production schedules are guaranteed to impact manufacturers’ revenues, while benefiting others who could step in to fulfil a key customer requirement. And knowing the cost is adding up by each hour production is down, cyber criminals are in a strong position to demand a ransom, a tactic which is gaining popularity fast. A recent analysis of downtime by sector estimated the cost of unexpected stoppages in the automotive industry at over £17,000 per minute.

#3 – Control. With factories and machines connected more and more, the reliance on remotely controlled operational technology is growing exponentially, and with it the sheer opportunities to infiltrate and subvert:

Case #1: A massive cyberattack on German steel giant ThyssenKrupp in 2016 saw hackers steal project data from the company’s plant engineering division and from other areas yet to be determined. ThyssenKrupp announced the attack in December 2016 having identified and cleansed infected systems and implementing new safeguards.

Case #2: Chinese manufacturer Hangzhou Xiongmai Technology Co Ltd recalled some of its products sold in the USA in 2016 after security researchers identified it had made parts for devices that were targeted in a major global hacking attack. Hackers unleashed a complex attack on the Internet through common devices like webcams and digital recorders, and cut access to some of the world’s best known websites in a stunning breach of global internet stability.

#4 – Damage to brand/reputation. The jury’s out on the precise monetary impact of a publicised data breach. Analysis by security experts including the Ponemon Institute suggests cyberattacks create a negative perception on the scale of an environmental disaster while the stock prices of global brands including Target and eBay have bounced back post-incident. It’s fair to summarise that publicised breaches are not good news for corporates and create some tough questions for the C-suite. Regulatory changes including, notably, the EU GDPR, will force industrial businesses to disclose cyberattacks, even where no customer data has been compromised.

The unpalatable truth is that many manufacturers are behind the curve in security because they have not been held to compliance standards like those introduced in financial services (e.g. PCI) or the healthcare industry. This means there is a lower investment in cybersecurity and adoption of critical information security practices such as penetration testing across the industrial sector.

And the result? Put simply, cyberattacks are costing UK manufacturers, and the economy as a whole, dearly. According to UK Government research, 90% of large businesses and 74% of small businesses reported having a security breach in 2015, both figures up on 2014. The average cost of these breaches was between £1.46m – £3.14m for a large firm and £75k – £311k for a small business. The cost alone, even without the implications of being required to publicly report an attack, makes information security a significant corporate governance issue, which companies are increasingly including in their annual reports.

There is no way of completely preventing a cyberattack in the same way that there is no way of stopping an attempted burglary. However, there are ways to mitigate the threat and impact of a security breach while increasing the likelihood of success. A cybercriminal is more often than not going to take the path of least resistance. This means that organisations with stronger cybersecurity programs are less likely to attract cybercriminals in the first stance, and in the second are better placed in the event of an attack.

As digital transformation brings more users, devices and applications online, manufacturers are challenged to protect an expanding attack surface. With more space to operate in and greater opportunities to generate a profit, active adversaries are relentlessly targeting the industrial sector who, in response, are deploying up to 70 disparate security products to address a variety of needs — a practice that is difficult to manage and often leaves businesses more vulnerable.

While potentially increasing capabilities, this conventional, niche-product approach to security can create unmanageable complexity that results in a security effectiveness gap. Through its security architecture, Cisco’s security portfolio increases capabilities but also decreases complexity, helping its customers to close the gap and be more secure.

Next steps:

  • Watch our video on how to achieve connected factory security
  • Check out our infographic on Connected Factory Security
  • Sign up to the Cisco UK & Ireland blog to make sure you don’t miss the next in the series
  • Visit our web page to read more about Cisco solutions for manufacturers
Leave a comment