According to a report by IBM, manufacturing was the most attacked industry globally in 2021, with ransomware persisting as the main culprit, representing 23% of attacks. And with the threat of ransomware not going anywhere any time soon, how can manufacturers eliminate these debilitating attacks?
In 2022, manufacturing was the most attacked industry globally, with ransomware persisting as the main culprit. In fact, one in five ransomware attacks is targeted directly at manufacturing firms.
Threat actors are drawn to manufacturing due to its profitability (the sector hit $44.5tn in 2022) coupled with its vulnerabilities. In particular, its highly digitised infrastructure creates significant exploitable opportunities for cyber criminals.
For the companies being targeted, there is a lot at stake – in addition to lost revenue, manufacturing companies also face stalled production, supply chain disruption and a significant risk of reputational damage.
Ransomware comes of age
So what exactly is ransomware, and why is this threat more prevalent now than ever before in the manufacturing industry?
Ransomware is a form of malware that encrypts files on an endpoint (user’s device) or within a wider network, and demands a ransom for their release. Typically, the perpetrators use social engineering techniques, such as phishing emails, to get users to inadvertently install the malware, which can then give criminals access to a company’s IT network. These attacks are orchestrated by a range of actors – from lone criminals and organised gangs, all the way through to state-sponsored groups.
Over the past decade, these attacks have grown in both sophistication and frequency – they are harder to detect and more damaging once they enter a network, and manufacturing companies are particularly at risk. Business-focused attacks are designed to be as disruptive as possible to increase the likelihood of the company paying the ransom.
The vulnerabilities of manufacturing
While no industry, business type, size or geography is immune from attack, what is becoming clear is that the manufacturing industry is a primary target due to both its profitability and its exploitable vulnerabilities.
The industry’s vulnerability stems largely from its reliance on computerised systems that control the whole operations spectrum – from managing supply chains to controlling production. This automation and digitisation, which has been embraced by the industry at large, has delivered huge efficiency gains but has also made the industry more vulnerable to attacks. When ransomware takes these systems offline, a manufacturing company loses its ability to operate. This not only impacts the victim company, but often the supply chain too, amplifying the potential disruption.
This was demonstrated in last year’s ransomware attack on metal manufacturer Kojima Press Industry Co, a major supplier to Toyota Motor Corporation. To limit the impact of the attack, Toyota was forced to shut down operations for all of its plants in Japan.
The crippling impact of a ransomware attack means that cyber criminals are now able to demand a bigger ransom, and it increases the likelihood of a manufacturing firm paying up. In turn, both of these factors encourage more attacks in the future.
Norsk Hydro, one of the world’s largest aluminium producers, is just one example of a manufacturing company falling victim to a ransomware attack. The attack, which took place in 2019, impacted the organisation’s entire business operations across 40 countries, and cost the company in the vicinity of $71m.
Internet browsers – the biggest threat vector
So how does ransomware manage to gain a foothold within an organisation, often to such devastating effect?
Within manufacturing, as with other industries, the web browser is the gateway for almost every business activity, providing access and control over critical data and services. In addition to providing access to trusted systems and cloud services, the browser is also used to access the wider internet – and it’s here that the problem lies.
In most enterprises, the user can enable almost any website to send complex content to install and run a program on their machine. In most cases, however, neither the user nor the company has any real knowledge about the website owner or their security practices; they may have malicious intent, or the site may be used or compromised by other parties for nefarious purposes.
Browsers have a range of vulnerabilities, meaning that they – and the individuals and organisations that use them – are at risk of ransomware attacks.
Preying on human fallibility
The Norsk Hydro attack shows the scale of the disruption that can be caused by one attack, and the impact on a business’ bottom line. And the cause of this global disruption and significant financial loss? One employee opening an infected email from a customer.
This holds an important lesson for businesses – just one human error can cost a business millions. And as cyber criminals get increasingly sophisticated at tailoring and targeting their attacks, even the most security-savvy employees can be fooled into clicking on a dangerous link, putting business networks and operations at risk. The ever-changing threat is almost impossible to train staff to avoid – even security experts with decades of experience can slip up.
Cyber criminals are able to generate targeted attacks that are impossible for humans to detect 100% of the time, so spending money on trying to ensure all your staff maintain a perfect record when it comes to spotting phishing attacks is unrealistic and frankly a waste of resource. Manufacturing organisations will continue to be vulnerable, no matter how much staff training is put in place.
The limitations of popular technical security measures
So, if employees can’t be relied upon to protect against ransomware attacks, how about cyber security technology?
Most organisations rely on detection techniques that identify and respond to attacks as swiftly as possible. However, the biggest flaw is that these technologies aren’t equipped to stop the malware from entering a network in the first place – all they do is detect it once it has successfully infiltrated a business’ security perimeter.
What’s more, these tools are limited to defending against behaviour that is already known to be suspicious, meaning that they are often unable to detect zero-day malware infiltration, leaving manufacturing companies extremely vulnerable to attack.
Stepping up security
One alternative solution that is growing in popularity is Browser Isolation, which works by creating an unbreachable separation between the user’s laptop or desktop and the internet. This means that instead of going online and potentially coming into contact with malicious, business-threatening code, employees are instead presented with a completely safe video representation of the web.
Full Browser Isolation applies an approach called ‘Pixel Pushing’ which converts the browsed web page into a safe, interactive video stream, therefore completely isolating a company’s devices from the risky internet. This removes all risk of ransomware attacks from the web, regardless of the sophistication or frequency of such threats.
The result of Browser Isolation is that the threat of web-based malware getting into the network or onto an employee’s endpoint is eliminated due to the separation between web and network. Since company endpoints never come into contact with the web, employees can literally click on any link or visit any website without the risk of ransomware infiltration.
For the employee, however, the web experience remains exactly the same – they can browse the internet, send emails, watch videos and plenty more besides, exactly as they did before.
At the heart of the Browser Isolation solution is a web security model that does not rely on detection. In other words, rather than detecting malicious content, the isolation model assumes that all content is malicious unless there is good reason to believe otherwise, and creates a protective buffer between the web and a company’s network.
Security needs to remain high on the agenda
How to defend against ransomware attacks is one of the most pressing security questions facing the manufacturing industry today.
Successful ransomware attacks not only impact a manufacturing company’s ability to operate, but also potentially its wider supply chain operations too. The risks companies face are both financial and reputational, and an attack can potentially cause irreparable damage to relationships with partners and customers.
In 2022, ransomware attacks increased by 80% year-over-year, and this upwards trend shows no sign of abating. As manufacturing continues to be a top target for criminal groups, a partial defence becomes increasingly problematic. The internet is ransomware’s primary attack vector, so by turning to security solutions like Browser Isolation, manufacturing firms can eliminate these web-based threats.
The time is now for security-conscious manufacturing firms to completely rethink their approach to cyber security, to protect themselves through 2023 and beyond.