Manufacturing Security Woes: Why Your Widget-Making Workplace is Worrying Me

Joe Sarkisian

Manufacturing is about efficiency: producing the most widgets and reaching as many buyers as possible, with as little leftover and downtime as possible. Flexibility matters too: adapting to the market faster than competitors and being able to change production on a dime to satisfy ever-changing customer demands. You may have noticed that the trend in all of this is doing things fast, and fast is often the enemy of secure.

Now, let’s walk through some stats based on the 2023 IBM Security X-Force Threat Intelligence Index related to the manufacturing industry:

  • The industry accounted for 30% of all extortion cases, which was the leading attack type.
  • It made up 58% of all operational technology (OT) attacks.
  • In this sector, spear phishing attachments and exploitation of public-facing applications tied for the top two infection vectors.

“For the second year in a row, manufacturing was the top-attacked industry, according to X-Force incident response data.”

IBM Security X-Force Threat Intelligence Index 2023

To summarize, either users are getting phished and downloading an attachment with a malicious payload, which leads to initial access by the threat actor, or a web application has a flaw that allows access to the internal network. From there, extortion actions take place given that the tolerance for production downtime is nearly non-existent.

The convergence of the OT and IT networks for such organizations is one of the main reasons these attacks are effective. A lack of proper segmentation between these two network types is what allows the initial intrusion that happens on the IT side to spread to the OT side. This is where the real damage can take place, such as a ransomware attack that can bring operations to a halt.

In our own testing, we have found a lack of awareness of how these networks are secured, so what many manufacturers believe about segmentation at their companies does not match reality. Although a layered approach to security is critical for all organization types, manufacturing’s specific vulnerabilities, and threat actors’ knowledge of how to exploit them, make for a mitigation strategy that is somewhat unique.

In other words, segment, segment, segment, then test, test, test!
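One way to test a segmentation belief against the rules actually in place, as an added example that is not part of the original post: the script below walks a first-match firewall rule list and reports every permit that still lets the IT zone reach the OT zone. The rule format, zone subnets and sample rules are constructed assumptions, not any vendor's export format.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None means any port

def overlap(a, b):
    """CIDR blocks either nest or are disjoint; return the narrower block or None."""
    if a.subnet_of(b):
        return a
    if b.subnet_of(a):
        return b
    return None

def it_to_ot_exposures(rules, it_zone, ot_zone):
    """Return (index, src, dst, port) for permits that let IT reach OT under first-match."""
    it_net, ot_net = ipaddress.ip_network(it_zone), ipaddress.ip_network(ot_zone)
    findings = []
    for i, r in enumerate(rules):
        if r.action != "permit":
            continue
        src = overlap(ipaddress.ip_network(r.src), it_net)
        dst = overlap(ipaddress.ip_network(r.dst), ot_net)
        if src is None or dst is None:
            continue  # rule does not carry IT -> OT traffic
        # A permit is neutralised only if an earlier deny covers all of its IT -> OT traffic.
        shadowed = any(
            e.action == "deny"
            and src.subnet_of(ipaddress.ip_network(e.src))
            and dst.subnet_of(ipaddress.ip_network(e.dst))
            and e.port in (None, r.port)
            for e in rules[:i]
        )
        if not shadowed:
            findings.append((i, str(src), str(dst), r.port))
    return findings

# Constructed sample: the deny at index 2 is the rule the team believes enforces segmentation.
IT_ZONE, OT_ZONE = "10.10.0.0/16", "10.50.0.0/16"
SAMPLE_RULES = [
    Rule("permit", "10.10.20.0/24", "10.50.1.10/32", 3389),  # old remote-support exception
    Rule("permit", "10.0.0.0/8", "10.50.1.0/24", 445),       # broad legacy file-share rule
    Rule("deny", "10.10.0.0/16", "10.50.0.0/16", None),      # intended IT -> OT block
    Rule("permit", "10.10.0.0/16", "0.0.0.0/0", 443),        # outbound web, shadowed for OT
]

if __name__ == "__main__":
    for idx, src, dst, port in it_to_ot_exposures(SAMPLE_RULES, IT_ZONE, OT_ZONE):
        print(f"rule {idx}: {src} -> {dst} port {port} bypasses the IT/OT deny")
```

A partially overlapping earlier deny is treated as not covering the permit, so the report errs toward flagging a rule for review.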

More holistically, a plan to implement a security standard that includes segmentation, as well as the more generally understood security controls, is also a necessity. We find the following security issues at manufacturing companies far more often than in any other industry:

  • Weak password policies that allow for eight characters, sometimes even fewer
  • Legacy operating systems that are not properly segmented (there’s that word again) from the rest of the network
  • Large gaps in asset management and knowledge of what is actually on the network (and belongs there)
  • Ancient Active Directory tech debt that often allows for rapid privilege escalation by threat actors
  • Lack of strong controls to prevent a social engineering attack from being successful
  • Poor physical access controls

We understand that the nature of this industry has baked-in vulnerabilities, but the cost of not properly balancing them with a robust security program is dire. In fact, the cost of a breach in manufacturing is higher than the overall average across all industries. Just ask Honda, Norsk Hydro, and many others that have suffered both in public and private due to a devastating breach.

If you are an organization in this space seeking assistance in implementing your security program, please reach out to a member of our team today!

Joe serves as a Manager on Wolf & Company’s Information Technology (IT) Assurance Team. Joe is responsible for coordinating and…