Why Manufacturing Supply Chains Are at Risk of Cyberattacks

Why Manufacturing Supply Chains Are at Risk of Cyberattacks
Manufacturing Digital May 2022
By Helen Sydney Adams

The ransomware attack earlier this year on a key Toyota supplier is the latest in a string of high-profile supply chain breaches, including SPAR and SolarWinds. Hitting Kojima Industries and forcing Toyota to suspend 28 production lines at 14 factories, the attack also threatened to extend into the Japanese carmaker’s IT systems, highlighting the key vulnerability of supply chains as cybercriminals look to leverage them to access the wider network.

With IBM reporting that the UK manufacturing sector experienced 19% of all UK cyberattacks in 2021, and manufacturing being the most targeted industry sector in the US (23% of attacks nationally), the question remains: Why are manufacturing supply chains so vulnerable to cyberattacks?

The risk of cyber attacks and political instability

The current cyber and political climates are exacerbating the threats posed to the manufacturing sector and their supply chains. Ransomware is now a business-critical issue, having fast become a question of “when” not “if”. The threat this malware poses to the manufacturing industry is undeniable considering reports show that global supply chains are bearing the brunt of ransomware attacks. Further compounding the issue is the fact that some organisations are still paying out to ransomware gangs, going against official guidance from the National Cyber Security Centre (NCSC).

Ransomware has also become a greater threat following Russia’s invasion of Ukraine earlier this year. The conflict has increased the cyber risk to key national infrastructure, with utilities and the public sector having particularly large targets placed on their backs. Although companies may dismiss the threat of cyberwar as not applicable to them, any small business part of the supply chains is a potential target and victim. Cybercriminals are becoming more organised and targeted in who they launch attacks against, seeing “success” in attacking smaller organisations with weaker cybersecurity protection, and exploiting them as a back-door entrance to the wider supplier network.

How the manufacturing industry can proactively defend its cybersecurity

Manufacturing businesses and supply chains should be looking to proactively adopt cybersecurity measures. First, they must recognise the importance of a strong cybersecurity posture and understand the risks of being part of a supply chain. For any organisations working together, it is integral that liability around cyber breaches is contractually agreed and all partners can provide evidence of the cybersecurity procedures they have in place. Implementing regular penetration testing, for example, can help identify key areas of vulnerability and outline how to bolster them – a critical step when considering IBM found that 47% of cyberattacks on US manufacturing organisations were caused due to vulnerabilities that had not yet or could not be patched.

Concurrently, cybersecurity training for employees conducted regularly can significantly reduce the likelihood of accidental insider threat, while adopting a Zero Trust architecture represents a greater cultural shift. By believing that every asset, device and user is a potential threat, Zero Trust removes implicit trust to ensure that malicious actors cannot access a network by hacking a privileged user’s account. Adopting a security-first mindset across all levels of the supply chain can aid the implementation of a Zero Trust architecture and culture, and help manufacturing organisations better protect themselves against cyberattacks.

Although these measures are all vital to improving the manufacturing sector’s cybersecurity posture, ultimately working with a trusted security partner is one of the best ways organisations can protect themselves. Outsourced Security Operations Centres (SOCs) provide 24/7/365 threat monitoring to businesses, allowing them to benefit from the aggregate value and industry-wide knowledge of the threatscape cybersecurity professionals have acquired.

Supply chains will continue to be a huge target for hackers, and the levels of cybercrime in the UK show no sign of abating. Manufacturing organisations and those they work with must be hyper-aware of the risks that ransomware poses to their business. Yet it is not all doom and gloom. These risks can be mitigated, but this must be done proactively and holistically to always stay one step ahead of bad actors.