How secure are your manufacturing operations from cyber risks?
Many people think organizations need to handle massive amounts of data, such as retailers and health care companies do, to be targets for cyber criminals. In fact, an industry that’s facing more cyber attacks is manufacturing.
The U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, which focuses on reducing cybersecurity risks in the nation’s critical infrastructure, investigated 295 incidents in fiscal 2015, up 20% from 2014. According to ICS-CERT, one-third of the incidents involved critical manufacturing, double from a year earlier. After critical manufacturing, the industries with the most incidents included energy, representing 16%; water, 8%; transportation systems, 8%; and government facilities, 6%. Not all such incidents are reported to ICS-CERT, which means the total number likely is even higher.
Manufacturers may not consider their operations to be highly exposed because, unlike service industries and businesses that sell mainly to consumers, most do not store large amounts of personally identifiable data. But data breach is a lesser concern in manufacturing. A significant worry is the growing trend in connected devices and equipment sensors linked to networks.
The threat of hackers gaining control of and manipulating industrial systems is real. In 2014, the German government reported an incident where hackers with knowledge of industrial controls caused physical damage to a German steel mill. The attack came through spear phishing, in which employees inadvertently opened emails containing malware that prevented the mill’s furnaces from shutting down. Similar incidents could cause catastrophic injury in addition to business interruption.
ICS-CERT notes that spear phishing is a common method of accessing critical infrastructure. In 2015, it accounted for 37% of the incidents to which ICS-CERT responded. In addition to social engineering such as spear phishing, connectivity is a major worry. The emergency response team in 2014 discovered 82,000 cases of industrial control systems software or hardware that were directly accessible from the public Internet. A white paper released in December 2015 by ICS-CERT outlines ways that manufacturers and other critical infrastructure operators can improve their cybersecurity.
While manufacturers – and all companies – should closely examine their cybersecurity measures, they also should protect their organizations with cyber insurance. The financial protection and expert resources afforded by cyber insurance policies can make a material difference to organizations before, during and after an incident.
Hylant’s experts are able to help manufacturers assess and mitigate a variety of risks, from cyber to liability to protecting people and property.