Hackers Seek to Capitalize on Pandemic, Target Manufacturing
In times of crisis, there will always be agents looking to capitalize. As the world scrambles to adapt to COVID-19, there’s been a booming rise in technology for everything from telecommuting to pivoting supply chains. The problem is, these IT solutions are cobbled together. Unknown vulnerabilities are a playground for hackers, and already there have been high-profile cyberattacks across the world.
Cyberattacks are on the rise
Several cyberattacks have made headlines since the pandemic started. The most recent, an attack on U.K. power administrator Elexon, shows just how devastating these attacks can be and how sophisticated cybercriminals are. Elexon emerged from the attack relatively unscathed; however, hackers were still able to disrupt the company’s internal email system. More worrisome, they did it through what was thought to be a secure VPN. What Elexon didn’t realize — and what many companies are now scrambling to confirm — is that their VPN was unpatched, with discrete vulnerabilities.
Elexon’s case represents what many manufacturers currently fear. As they cobble together remote work access points and expand their digital infrastructure to maintain operations during COVID-19, the risk of unseen security vulnerabilities rises. Endpoints thought to be secure might not be, and man-in-the-middle attacks become increasingly possible as remote access grows.
Manufacturing is already a high-profile target industry for hackers. Now, even more opportunistic criminals have reason to take a closer look.
Sophisticated attacks are on the rise
In addition to all the new access points utilized by remote workers during the pandemic, hackers are looking to new types of attacks that capitalize on IT safeguards stretched thin.
Phishing attempts aren’t new, but have taken new forms during the pandemic. Urgent emails from advisors, managers, and even health professionals look legitimate, while snaking everything from identifying information to credentials from unsuspecting users. Similarly, Smishing involves using text messages and chats to accomplish the same thing. One moment a user is chatting with a peer or supervisor, the next, they’ve accidentally divulged access information to malicious actors.
Attacks on unsecured Internet of Things (IoT) devices are on the rise as well. A favorite tactic of crisis hackers is to seize control of a valuable asset via the IoT and hold it hostage until the company pays a ransom. In fact, ransomware has gotten so bad, the U.S. government has stepped in with a task force.
For many manufacturers, the urgency of maintaining operations during COVID-19 has outpaced forethought for cybersecurity. As a result, hackers have found more fodder and companies may find themselves in a bind.
Make cybersecurity a focus
Cybersecurity continues to be a hot topic for the manufacturing industry. As companies scale into Industry 5.0, cybersecurity is both a topic of emphasis and a barrier to adoption — it needs to be done right, at-scale. Right now, as digital infrastructure expands in the face of demand, manufacturers should focus on a few key essentials to keep their networks safe from cybercriminals:
- Ensure remote access to the business cloud is secure and fully patched.
- Invest in deep packet inspection software to detect malicious activity.
- Run integrity checks routinely to identify and patch access points.
- Enable two-factor authentication and single-sign-on (SSO) security measures for all off-site employees.
- Create a chain of trust for all network-enabled devices for traceability.
- Deploy privilege separation for software on industrial machines.
Above all, encourage employees to make smart decision regarding digital access and use caution when interacting with the network. Don’t open unexpected emails. Never divulge personal information. Always question before you click. We can’t stop or slow down the rising frequency of cyberattacks on manufacturing, but we can take appropriate steps to protect ourselves.