Every company today must be concerned—if not panicked—about the security of its internal systems. We’re all familiar with the hacking of governments, prominent retailers, and large financial institutions, but it happens to manufacturers, too, and more often than you might think. The risks go beyond just that of data loss; hackers can actually cause companies to completely suspend production by getting into systems and preventing any access. The cost of a shutdown like this can amount to hundreds of thousands of dollars for companies that must stand by watching profitability erode as they try to get their systems back up and running.
Case in point: A transmission plant in North Carolina was recently a victim of hackers who spread a virus to the company’s system, then threatened to stop the production line until their demands for money were met. Each hour the line remained shut down would have meant $270,000 in lost revenue plus thousands more in pay for employees to stand idle. The transmission manufacturer’s customer was Toyota. Do you think Toyota would have been happy about the resulting delay in delivery?
Along with the remarkable opportunities made possible today by the Internet of Things (IoT) and, more specifically, the Industrial Internet of Things (IIoT), come costly vulnerabilities. Because IoT involves computers and other devices being wirelessly connected with machinery to monitor and measure performance (using the Cloud/internet to manage the connectivity), there are points of weakness hackers are happy to take advantage of.
How Prevalent is It?
- Cisco Systems Inc. surveyed corporate cybersecurity executives around the world last year and found about one in four manufacturing organizations reported cyberattacks that cost them money in the prior 12 months
- The FBI's Internet Crime Complaint Center received 2,673 ransomware reports in 2016—nearly double from 2014
- In Forbes’ annual Future of Supply Chain survey this past fall, “data security/IT incidents” ranked highest overall of 13 separate risks considered, with 30 percent of respondents saying they were “very concerned”
What Are the Risks?
Ransom. Much like a kidnapping, hackers take charge of controls, then demand money to turn it back over to the company. These cybercriminals know that because most manufacturers are on tight production schedules and have customers waiting for deliveries, threatening delays will get their immediate attention.
In addition to “kidnapping” a company’s systems (including their websites), cybercriminals can cause damage in these ways:
- Data breaches. Hackers aren’t the only ones who can steal important and sensitive information about a company. Vendors and customers also have connections to your systems that could be targeted, and employees can be culprits, too, either intentionally or unintentionally (if one was to lose a company laptop, for example).
- Third-party damages. Because we’re a very connected society, often viruses are spread from one entity to another through email or other means.
- Intellectual property. A hacker can steal proprietary information that can then be used to improve a competitor’s market position.
What to Do
Last year, the US National Counterintelligence and Security Center (NCSC) produced a video designed to help supply chain professionals protect against hacking. It includes some useful tips for ensuring your organization isn’t vulnerable in its relationships, yet there are other things manufacturers need to put in place to secure their systems.
- Pay Attention. Every component of your system—your website, servers, computers, multifunction devices, and more—should all be upgraded as often as possible, and any related security/antivirus packages should be updated frequently, too.
- Know Your Partners. Only by developing deep trusting relations and by practicing due diligence with suppliers will you have the confidence that their own systems won’t make you vulnerable to attack. That means vetting them on a strict set of criteria, getting assurances from their IT people that their systems and your communication with them are adequately protected. The same holds true for customers.
- Test, Test, Test. Conduct what’s called penetration testing—a process that helps determine what attackers can access. During these controlled tests, an experienced consultant evaluates the security of a company’s network infrastructure using the same tools and techniques an attacker would use.
- Plan Your Response. Develop a clear process for dealing with cybersecurity breaches. Involve a consultant with knowledge of the latest—and most sophisticated—methods used by today’s hackers. Formalizing cybersecurity as part of your risk management processes will help reinforce its importance and the steps involved in mitigating it.
- Train Your People. Outline both the risks of cyberattack and the ways to mitigate them. Users are often the most susceptible to virus and hacking because they choose ineffective passwords, click on suspicious links, or download files that contain viruses.
Cybercriminals have found vast opportunities in today’s manufacturing organizations, where the threat of costly production delays make the payment of ransom an option some have been forced to consider. Growing awareness of the risks, however, is helping manufacturers of all sizes develop smart strategies and practices to protect their organizations from harm. Talk to a business management consultant about your systems and its potential vulnerabilities; experienced professionals can develop a “plan of attack” to reduce the threats and protect your business.