Cyber-security in the Manufacturing World
Unlike the Medical and Financial fields, the manufacturing industry as a whole is still working towards establishing a more universal standard of practices to ensure that manufacturing organizations are secure against a wide array of digital threats. Manufacturers in particular are considered prime targets for cyber-attacks, including:
While the most well-known form of identity theft is when hackers use stolen social security numbers to open lines of credit or obtain loans, manufacturers have another concern: if individuals manage to access a manufacturing organization’s customer database, they can then obtain sensitive information on a larger scale.
A common tactic, where cyber criminals attempt to craft convincing emails to trick recipients into revealing sensitive information, such as passwords, contact information or even financial info and social security numbers. These emails will often have branded letterhead or similar assets to enhance their appearance of legitimacy. Most phishing attempts will be sent to a large audience and are generally easy to identify. This kind of tactic could likely be implemented to great effect if a manufacturer’s customer base is compromised and their contact information obtained.
Unlike normal phishing, spear phishing is using similar tactics to target specific individuals. In the context of a manufacturer, these emails can be made to appear as if they came from a leader or supervisor, requesting or demanding details about access into company control systems or databases. Successful spear phishing attacks could lead to more widespread phishing campaigns as the attackers get access to company data such as employee rosters or customer databases.
While not as malicious as phishing and far easier to identify, filing through and disposing of spam can significantly reduce productivity at manufacturing facilities. A simpler solution to this is deploying a mail service filter than can scan incoming messages for common characteristics of spam, such as determining if the address the message came from lines up with any internal contact info or from verified customers or vendors. However, there will always be a need for human judgment for the more convincing emails, requiring training in identifying spam and the ability to follow up with team members to confirm if a message is legitimate or not.
Manufacturers that use websites to engage with their customers, especially if said customers can order supplies or make payments through said site. Hackers can either find ways to render the website inoperable or change the content on them to mislead users. Even more malicious, they can also embed programs that will automatically install dangerous files and malware on users’ workstations, often without their knowledge.
While national standards are still being created and revised, the National Institute of Standards and Technology have released a framework for organizations to follow to secure themselves more effectively against cyber attack. While they also have crafted specific versions of this framework for particular industries, there is a base that applies to all, including manufacturing.
To see what a partnership with Velox Systems might look like for your manufacturing company, click the button below: