Why manufacturers should fear ransomware
The IoT revolution has transformed manufacturing
Industry 4.0 and the IoT have seen technology and automation become ever more central to manufacturing. Robotics, sensors, wearable tech, machine learning, cloud-based tools and predictive maintenance mean processes are more interconnected than ever, which can greatly enhance operational efficiency. Individual tools, devices and processes can be tracked and controlled remotely and more precisely than ever, at scale.
Yet that push means the line between information technology and operational technology is getting fuzzier by the day, opening up a huge new surface area to cyberattackers. Malware and phishing scams can now open up access to machinery, sensor networks and wireless tech. Cyberattackers can steal or encrypt data, disrupt assembly lines, compromise worker safety and hit stock and quality control. An attack at a single point in a production chain can bring an entire global business to its knees.
The increasingly complex and varied network of technology used in manufacturing, meanwhile, makes setting common protocols and cybersecurity standards extremely challenging. The situation has created a new landscape of opportunity for ransomware-toting cybercriminals who know that corporations are far more likely to pay up than private individuals. All they need to do is sneak into any point in the network – whether through email or compromising a smart device – and they can potentially disrupt production lines thousands of miles away.
Big names have been battered – and you could be next
Cybercriminals are opportunists, and they’ve realised production companies are ripe for the picking. A new breed of ransomware is optimised to hit manufacturers. Ekans (“snake”) targets industrial control systems, and since its emergence in early 2020 has shut down production in Honda factories around the world and even been blamed for deaths in German healthcare. In Australia, JBS Foods’ operations were halted after a five-day cyberattack in 2021; the company ended up paying a $14.2 million ransom to the criminals.
Indeed, Australian businesses are seen as "soft and lucrative targets" according to experts, who fear that government policy is moving too slowly and that manufacturers are delaying security updates due to cost implications. The problem is widespread: Mimecast’s reports show that in 2021, 64% of businesses experienced disruption from ransomware, suffering an average of four days of downtime. 76% said they were hurt by their lack of preparedness – up from 64% in 2020. Large companies may be able to weather a cyberattack, but smaller operations may suffer worse consequences: 60% of small businesses in Australia had closed within six months of being hacked.
Ransomware: to pay or not to pay
The Australian Cyber Security Centre advises companies not to pay ransoms, but JBS Foods’ eventual payout is far from the exception. Of companies that were hit, Mimecast’s research shows that 54% paid the ransom – but a quarter of those didn't get the data back, despite paying up. Legal changes that would make reporting any ransomware payments mandatory, stripping some of the secrecy from ransoms and cyberattacks, have been proposed, but progress has been slow.
For now, manufacturers who have been breached have tough decisions to make. Do they make the attack public? Do they pay the ransom? What are the repercussions if they don’t? Beyond the ransom demand itself, the repercussions of a cyberattack can be deeply damaging. The loss of IT systems can cripple business processes, while security breaches can damage company reputation. Security failures and lack of compliance can also invite the scrutiny of regulatory bodies.
How manufacturers can protect themselves
Given these rising threats, your cybersecurity strategies must evolve and cover every aspect of the business. Any strategy should be weighed against the potential impact of cyberattacks and the measures required to combat them. Your controls must match your company’s requirements.
At a company level, having a stakeholder with sole responsibility for IT security across your organisation will help build a robust strategy that can combat new threats. At a network level, increasing segregation can help protect critical systems. Some organisations have already adopted zero-trust policies that demand authentication be carried out for every request. Drilling down, other measures may include:
ongoing cyber awareness training for staff
vetting any new equipment to meet cybersecurity standards
operational technology monitoring and network security tools
keeping software up-to-date
mandating VPNs and firewalls
an endpoint inventory to track assets
an incident response plan
a backup strategy and offline storage for critical data
How your organisation can stay cyber resilient
Many manufacturers have not updated their cybersecurity policies to take into account the unique vulnerabilities of automation and IoT. Industrial smart devices come in so many different shapes and forms that it can be tough to even identify some of them as ‘IoT’ devices. Setting baseline cybersecurity standards and policies and auditing any interconnected devices should always be part of the procurement process and maintenance scheduling.
Threats, particularly from ransomware, are growing: sitting back is not an option. Cyber resilience requires a concerted response that weighs up your needs and risks. Targeted staff training, network security measures, backup strategies and an integrated approach can help your organisation keep ransomware at bay and make sure your whole operation can stay resilient in the face of any cyber incident.