Perhaps the gravest danger our economy faces today is the risk of major cyberattacks. While most organizations and industries may have the necessary safeguards in-place, companies can never be too careful when it comes to securing the grid.
Over the last several years, we’ve seen ample breaches take place but those that slip under the radar are attacks targeting the more vulnerable, easier-to-crack utilities across the country. In addition, the rate of exposure to threat is only increasing, leaving many utilities ill-equipped to combat harmful breaches and data loss.
Back in May 2021, US-based Colonial Pipeline fell victim to a foreign-fronted cyberattack as a result of a single compromised password. This one vulnerability halted fuel supply processes in the Eastern U.S. and cost the company nearly $4.4 million in ransom to Russia-based cyber attackers, Darkside. Previously, a European power grid underwent a cyber-related attack when it experienced a drop in frequency—when the power load is mismatched by the power being generated -which resulted in widespread blackouts across the Balkan Peninsula.
While complex industries such as financial institutions, medical facilities, and trade entities have been the most frequent—and most-covered—victims of cyberattacks, many companies within the manufacturing sector were fortunate to be lower priority targets for cybercrimes and data breaches. Two factors have altered this dynamic. First, due to COVID, remote access to manufacturing networks has increased dramatically, significantly increasing the available “attack surface.” Secondly, ransomware as a means of extortion has made attacking lower priority targets—which often have minimal cybersecurity staff and budgets—easy and extremely profitable.
Addressing the Issue at Hand
To best address the issue, the first step is acknowledging the bright red target manufacturers and trades increasingly carry on their backs. In 2019, the manufacturing industry was the 8th most targeted industry for cyber attackers. Today, manufacturing ranks as the second most affected industry, and the threat is increasing.
Manufacturers have become a top target for cyberattacks, in large part, because they misunderstood the threat, failed to recognize the scope of their vulnerabilities, and waited too long to enact reliable, comprehensive preventive measures. Now, with rising labor and supply costs, already tight cybersecurity budgets are being squeezed dramatically. Creating a very real dilemma for manufacturers.
Other Factors Posing Greater Risk
Nearly every sector has been deeply affected by the current labor shortage. Industries such as retail, construction, utilities, and now especially manufacturers, have been hit hard by the current skilled worker crunch. Even as manufacturing production has begun to rise to pre-pandemic levels, labor shortages still linger, with nearly 90% of manufacturers reporting trouble finding and retaining workers, a 17-point increase from just last year. Furthermore, the pandemic has significantly accelerated early retirements among experienced manufacturing workers, which will grow steadily as this workforce reaches retirement age. Having an in-house cybersecurity team was already extremely difficult prior to this new wave of attacks. Now, the costs for such a team are rising dramatically, further roiling budgets and creating greater uncertainty as understaffed and overworked departments provide fewer eyes to monitor cybersecurity threats and institute best practices. All these factors make the implementation of an effective, comprehensive cybersecurity solution a necessity.
Another key issue is cyber vulnerabilities increase every year as technology evolves. Even as more bad actors seek to attack the manufacturers or the power grid, technology is opening more doors for them to walk through. While the internet of things (IoT) and cloud-based options improve data collection and coordination and promote greater efficiency and safety, these tools also create attack surfaces for cyber attackers to exploit. The pandemic, which forced millions to begin working remotely, also further weakened cybersecurity.
Staying proactive and closing doors as new technologies are implemented will enable companies to address potential risks and prevent cyberattacks. While most companies and systems have been able to recover from previous attacks, there’s no guarantee a critical manufacturing plant is not permanently crippled by a sophisticated cybersecurity event. The industry must work together to create defense plans and incorporate best practices across the board to ensure all information and data is safe and secure.
Along with emerging technologies comes the need for proper training and understanding of how these tools work. Password indiscipline or even a simple compromised flash drive could lead to a catastrophic event. Without proper training, staff is at risk for unknowingly exposing vulnerable data and company assets to third-party entities. Implementing company-wide requirements for suitable certifications and establishing a level of compliance across the organizational workforce acts as an added layer of protection against any accidental data breach.
Implementing a Substantial Solution
To effectively reduce risk, manufacturers must adopt substantial, holistic cybersecurity solutions that cover all tiers within a company. By enabling IT to consistently monitor and proactively address vulnerabilities before an attacker can take advantage of that vulnerability, equipping teams with necessary knowledge and training to avoid the potential risk of exposing valuable data, and adapting company-wide best practices ensures no facet is left exposed. Implementing secure technology solutions and mitigating cyber risks allows companies to stay ahead of cyber threats and ensures the organization is protected from the bottom up.