2 minute read
What recent cyber attacks have taught manufacturers
Peter Baily, Regional Business Manager – Cyber at Kordia Group
Widespread Australasian attacks like those seen against Optus, Pinnacle Health, and Medibank saw operations grind to a halt, consumer trust erode, and sensitive data exposed. The manufacturing industry isn’t immune to these types of attacks, and my guess is that it will only be a matter of time before a prominent New Zealand manufacturer is in the same boat.
Advertisement
You might ask, what would a hacker gain by attacking your business?
Manufacturers are particularly vulnerable to cyberattacks, especially ransomware. Legacy back-end operating systems that can’t be patched or updated to meet the latest cyber security standards are rife throughout manufacturing supply chains and make easy targets for opportunistic cyber criminals.
Once a hacker finds a vulnerability to exploit and gains access to your systems, they can deploy malware that will cripple your operations, demanding a ransom in exchange for restoring your data and systems.
Production line machinery has been designed to automate processes and boost productivity. Unfortunately, most of these machines come fitted with operating systems that weren’t designed to be easily updated.
This can make it nigh on impossible to remediate faults and bugs in the system, without completely rewriting the software.
Likewise, modern inventory and packing systems often rely on software and digital systems. Imagine if all the computers and servers in your network went down – could you switch to manual operations in order to move stock and manage customer orders?
Once a hacker has entered a system, it can take weeks to safely restore everything. A break in production is devastating for any business, even more so for seasonal businesses like vineyards or harvesting that rely on short production windows.
Globally, cyberattacks on manufacturing companies are all too common. Look at the ransomware attack on Bridgestone Tyres American subsidiary in March last year.
The attack shut down the computer network and factory production in Northern and Middle America for a week. As a supplier to Toyota, the attack on Bridgestone had knock-on effects that impacted the production of Toyota vehicles.
To protect yourself from cyberattacks, it’s vital that manufacturers take steps to understand and remediate the risks associated with cyber threats. A good starting place is to assess and evaluate your infrastructure – what are the key enablers for your business? What systems, technology or processes are critical for keeping your production humming?
Once you’ve determined what your most valuable systems are, your next step is to analyse these with the help of a cyber security professional. This will help you understand what the weak points are around these systems, so you can work on a plan to remediate – or at least reduce - the risk they pose. Ensuring operating systems are sufficiently “hardened” is key to implementing a robust cyber defence strategy. This involves a regular cadence of updates and patching for operating technology and software to close off any vulnerabilities.
In cases where you can’t upgrade software, you can implement other layers of protection that will prevent malicious hackers gaining a foothold into your network.
Training your employees is also key to any business’ cyber security. Simple things like learning to spot a phishing email and enabling multi-factor authentication on employee devices are easy ways to empower your team to support your cyber security goals.
If recent events have taught us anything about cyber security, it’s that no business is immune to a significant cyberattack.
