Ransomware Threatens Manufacturing Operations

Ryan Spurr

With manufacturing becoming the #1 most attacked industry for two years in a row, the threats are real—and something we all need to take seriously. The #1 result of cybersecurity incidents was extortion, accounting for 32% of all successful events within manufacturing. 

Regarding the types of cybersecurity events, ransomware makes up 23% of all incidents within manufacturing. More alarming is that 70% of all ransomware incidents in manufacturing impact the operational technology (OT) domain, not just traditional IT. This highlights just how critical the risk is and demonstrates how committed attackers are to exploiting manufacturers’ weaknesses not just in conventional IT, but a more concerning trend within operations or industrial environments.

So What? We Have a Firewall

There is a belief that if we implement a firewall between IT and OT, all our risks disappear. Today’s attacks are focused on disrupting operations—that means propagating east and west—infecting every vulnerable or connected OT/IoT/ICS asset on the operational networks. The attacker’s goal isn’t ERP or HRIS in this situation—it’s to take advantage of weak OT networks and security designs to spread ransomware to any factory equipment with the sole purpose of encrypting and preventing normal operations. The reality is that 50% of manufacturers still have poor security perimeters or no network segmentation, making the task of infecting more equipment in your factory a breeze. The demarcation between IT and OT alone will no longer cut it—manufacturers must adopt more complete approaches to network segmentation, micro-segmentation, traffic monitoring, device isolation, and real-time monitoring to ensure the spread of ransomware is limited.

It’s Fine! We Have Backups

Unlike IT-managed assets, most manufacturers lack the necessary remediation tools to minimize the risk of successful ransomware within OT environments. For example, only 19%  of manufacturers could recover from backup, leading to forced ransomware payment. Only 55% of the encrypted or destroyed data was recoverable for organizations that could recover. 

It’s essential to ensure that manufacturers have in place backup and disaster recovery policies and procedures, tools that support operational technology equipment, automation of the process to avoid reliance upon human behavior, and that the end-to-end disaster recovery process has been thoroughly tested. With all of this, you’ll be better equipped to ensure that when a successful ransomware event does occur, your organization is confident that recovery is possible. This type of comprehensive strategy will limit your risk of extortion—or worse, plant stoppage.

Don’t Worry! We Have Cybersecurity Insurance

It’s true. Cybersecurity insurance does help defer the costs born from a successful incident, and in today’s age the average cost per incident is $4.47 million in manufacturing. Financial impact aside, insurance won’t mitigate a frustrated and demoralized workforce, it won’t address missed deliverables and brand impact, and should the breach result in the exfiltration of intellectual property, secretive process knowledge, or partner data, it may be a hard-pressed event to recover from. 

Connection recently surveyed clients and found that cybersecurity was a challenging topic. Cybersecurity is evolving as the industry addresses requirements, risks, and the appropriate pricing to impose on manufacturers. Our survey revealed that many clients still do not have cybersecurity insurance. For those that do, 41% of manufacturers saw their premiums increasing, 25% struggled to comply with mandated security requirements, and an alarming 18% were dropped from policies due to lack of necessary security controls or frequency of incidents. Cybersecurity insurance is essential, but it comes with its own challenges and is unlikely to solve all your business risks.

Let’s Make It Happen

With threats rising in operational environments, cybersecurity insurance becoming harder to acquire, maintain, or afford, and successful extortion events impacting production, it’s time to ensure that your company has the right solutions to keep your business operational.

Our Manufacturing Practice regularly works with manufacturing organizations to help them meet security requirements while ensuring operational excellence, a great workplace, and applying the right fitting technology to enable better outcomes. We have a team of experts from trade, an evolving portfolio of manufacturing solutions, and capabilities to assist IT and OT teams by augmenting their existing skillsets with complimentary advisory services to help your business accelerate technology adoption where it matters most.If your business is interested in learning more about our OT security solutions, engage Connection’s Manufacturing Practice to learn more about this technology, available services, and the many use cases that may benefit your organization.

Ryan Spurr is the Director of Manufacturing Strategy at Connection with 20+ years of experience in manufacturing, information technology, and portfolio leadership. He leads the Connection Manufacturing Practice, go-to-market strategy, client engagement, and advisory services focusing on operational technology (OT) and information technology that make manufacturers more digitally excellent.