Why Manufacturers are in the Crosshairs of Threat Actors

In today’s modern digitised environment, the manufacturing industry faces multiple interwoven challenges that can have a serious impact on their overall performance and sustainability. 

These challenges include supply chain disruptions, with events such as natural disasters, geopolitical issues, and pandemics disrupting the global supply chain, affecting the timely delivery of raw materials and components. These disruptions put pressure on manufacturing organisations to better plan for potential supply chain uncertainty, while responding quickly to changes in customer demand, and also trying to keep costs low.

Investing in new technologies

Likewise, keeping up with rapidly evolving Industry 4.0 technologies such as automation, artificial intelligence, and other smart factory solutions can be a significant challenge. Manufacturers need to invest in and integrate these technologies to stay competitive.

But with low tolerance for downtime, operations that cross international borders, and servers full of valuable information, cybersecurity threats are an ever-present risk. As manufacturing processes become more connected through the Internet of Things (IoT) and other cyber-physical technologies, the industry becomes more vulnerable to cyber threats. It is estimated that 29 billion devices will be connected by 2030, therefore protecting sensitive data and ensuring the security of interconnected systems is crucial. Unfortunately, however, globalised supply chains exacerbate the problem as they allow attacks to spread between organisations.

Legacy systems that may contain vulnerabilities and other security gaps also present a challenge. Using outdated technology increases the risk of security breaches due to the absence of the latest security features. Such systems are frequently unsupported by their original developers, leaving them without essential security patches and updates. As cybercriminals continually discover new ways to access information, relying on outdated technology not only jeopardises data but may also result in additional expenses, either through paying criminals or losing customers. All the while, manufacturers are trying to maintain and reduce production costs, so while opting for older technology may seem like a cost-saving measure, it could ultimately expose the manufacturer to significant risks and financial consequences.

Repeatedly targeted by ransomware attacks

Manufacturers need to address these concerns strategically to navigate the dynamic landscape of the industry successfully. Implementing robust risk management, investing in technology and innovation, and fostering a skilled and adaptable workforce are key components of staying competitive in the manufacturing sector.

This is easier said than done when you look at how targeted the industry is by cyberattacks. According to Statista, in 2023 manufacturing saw the highest share of cyberattacks among the leading industries worldwide. The sector encountered nearly a quarter of the total cyberattacks and manufacturing was the industry most targeted by ransomware attacks. Companies in this sector saw 638 ransomware attacks in 2023.

Additionally, supply chain attacks are often employed by cybercriminals to manipulate a company’s manufacturing processes through interference with both hardware and software. Malicious software may be inserted at any point in the supply chain, potentially leading to disruptions or outages in the organisation’s services because of a cyberattack.

Clorox breach cost $356 million

One such example in 2023 ismajor American goods manufacturer, Clorox, which suffered significant disruption because of a ransomware attack. According to an SEC filing by Clorox, the attack took many of its automated systems offline, including those by which large retailers such as Walmart and Target order products, highlighting how the breach of one organisation can disrupt an entire supply chain.

While Clorox never confirmed if the attack was ransomware, the fallout, particularly the operational downtime, is consistent with other ransomware attacks. The breach also cost Clorox $356 million due to a 20% decline in sales, based on lower production volumes due to the attack. This is in addition to a steep drop in stock price and the $25 million Clorox spent securing their systems post-breach.

And it is not just ransomware that manufacturers need to defend against. Extensive phishing campaigns enable their perpetrators to gather various forms of sensitive information, including but not limited to bank account details, social security numbers, and credit/debit card information. Alternatively, they may coerce the victim into making a payment directly into the attacker’s bank accounts. Moreover, phishing activities can be motivated by other objectives, such as acquiring sensitive data to tarnish the reputation of the targeted entity or disseminating malicious software to wreak havoc on the company’s physical assets and equipment.

Given the rise of targeted cyberattacks on the manufacturing sector, resilience against threats must be a top priority. Therefore, continuous monitoring and threat intelligence is vital to protect against these ongoing and emerging threats.

How a data driven threat intelligence platform can help

To do this, manufacturers should take a data driven approach to threat intelligence. This is where a threat intelligence platform can help. Serving as the hub of intelligence operations for many industries, our ThreatQ Platform aggregates and combines unstructured and structured data from any source, internal and external. There’s no need to alter existing security infrastructure or workflows; all tools and technologies work seamlessly with our open architecture. Likewise, our no code / low code automation eliminates repetitive, time-consuming tasks so security analysts can focus on high-priority and strategic work. Our platform also provides flexibility to share curated threat intelligence, advisories and reports with a range of internal and external stakeholders, including other organisations in the manufacturer’s supply chain. This contributes to hardening the supply chain against attacks.

Ultimately, we’re helping manufacturing organisations build robust data driven threat intelligence programmes that safeguard their operations, intellectual property, and compliance standing, while ensuring continuous and secure production environments.  As manufacturers look to take advantage of AI and Industry 4.0, and as they automate more of their environment, so they need to ensure that they have robust security measures in place to prevent them from being the latest ransomware victim.


About the Author

Chris Jacob is Vice President, Threat Intelligence Engineering at ThreatQuotient. ThreatQuotient’s mission is to improve the efficiency and effectiveness of security operations with a platform that accelerates and simplifies investigations and collaboration within and across teams and tools. Integrating an organization’s existing processes and technologies into a unified workspace, ThreatQuotient’s solutions reduce noise, highlight top priority threats and automate processes to provide greater focus and decision support while maximizing limited resources. ThreatQuotient’s threat-centric approach supports multiple use cases including incident response, threat hunting, spear phishing, alert triage and vulnerability management, and also serves as a threat intelligence platform.

more insights