When Clorox was hit with a ransomware attack in 2023, the impact went beyond just the infected endpoints. Threat actors succeeded in taking many of the organisation’s automated systems offline and impacted large retailers’ ability to order products from the manufacturer. There was significant operational downtime as it took Clorox over a month to contain the breach, and the resulting financial loss was in the tens of millions USD.
This incident reveals two major points in the world of cybersecurity: one, that cybercriminals know manufacturing organisations make ideal targets due to their low tolerance for operational downtime and two, that these businesses need to invest in stronger, more robust cybersecurity solutions, techniques, and tools.
Why Threat Actors Target Manufacturing Organisations
The Clorox breach was not an isolated incident when it comes to the manufacturing industry. In 2023, manufacturing was the third-most represented industry in Arctic Wolf® Incident Response (IR) ransomware engagements, and fourth-most represented in business email compromise (BEC) engagements. As 2024 continues, Arctic Wolf has attributed 26% of alerts to manufacturing organisations. Additionally, the median cost of a manufacturing ransomware attack, as recorded by Arctic Wolf, is now $500,000 USD.
Threat actors have their sights set on this sector, and for a few reasons:
- Smart factories — a fully digital-first version of a manufacturing organisation, are increasing in frequency, opening new avenues of attack for threat actors
- Supply chains are becoming more interconnected, amplifying the potential reach and impact of a single cyber attack
- As organizations digitalise, IoT devices are often neglected and remain outdated, offering an easy point of initial access for threat actors
- Little tolerance for downtime means these organisations are more likely to a pay ransom or comply with threat actor demands
- The consistent digital business done with partners and third parties makes them targets for BEC attacks
Additionally, manufacturing organisations face several challenges that prevent them from fully realising their cybersecurity goals.
These challenges include:
- A consistent rise in the frequency of cyber attacks (48% of organisations suffered a breach in 2023), specifically ransomware and BEC attacks
- Digital sprawl, which has led to a growing attack surface with obscured visibility
- Weaknesses within their supply chain that open these organisations up to new risks they can’t mitigate alone
- A continued reliance on legacy systems, particularly with IoT devices
- A lack of internal resources and a widening security skills gap
Learn how a cloud-first manufacturing plant uses Arctic Wolf to overcome these challenges.
Recent Manufacturing Cyber Attacks
Cybercriminals are fully aware of the advantages they have when it comes to attacking manufacturing organisations, and they aren’t holding back.
Brunswick Corporation suffered a cyber attack in June 2023 that not only disrupted operations for nine days but cost the organization $85 million USD. Applied Materials fell victim to a ransomware attack that originated in their supply chain in 2023. And Toyota had to shut down systems twice in two years for separate attacks, the latter of which caused a data breach and resulted in the extortion of customer data.
See our top manufacturing cyber attacks and top takeaways.
Ways Manufacturing Organisations Can Improve Their Cybersecurity
While manufacturing organisations need to be aware of the heightened cyber risk they face, there are plenty of actions these businesses can take to harden their attack surface, reduce their risk, and put themselves in a better position to defend against cyber threats.
1. Invest in 24×7 monitoring that offers broad visibility. Manufacturing plants no longer start up in the morning and shut down at night. They’re now online around the clock, across time zones, and circumnavigate the globe through digital operations. That means they need eyes on their environment at all times. By partnering with a third party, like Arctic Wolf, manufacturing organisations can ensure that their operations are being monitored for incidents, unusual behavior, and more 24×7.
2. Follow identity and access management (IAM) best practices to better protect users and business- critical assets. As manufacturing organisations have digitised, they’ve dissolved traditional perimeters, replacing brick-and-mortar server rooms and digital firewalls with scattered, off-site endpoints accessed by remote users. By following IAM best practices — including the governance of who has access to what, access controls such as multi-factor authentication (MFA), and the continued monitoring of that access — these organisations can put themselves in a position to not only better protect data, but be alerted if suspicious access or user behaviour occurs, allowing them to stop threats early.
3. Conduct risk-based vulnerability management. Outdated IoT devices and legacy systems create a major risk from zero-day and existing vulnerabilities. While every vulnerability cannot be instantly remediated, following a risk-based management program, where vulnerabilities are consistently identified, evaluated, and patched, can greatly reduce the threat to organisations.
4. Implement security awareness training. Both ransomware and BEC, two major cyber threats manufacturing organisations face, can begin with social engineering. By implementing effective security awareness training, these organisations can reduce human risk while empowering their users to act as a first line of defense against threat actors.
5. Create an incident response (IR) plan and invest in a retainer. If the worst does occur, it’s best to be prepared. IR planning, be it through documentation, risk assessments, or even through a retainer with a third-party provider, will help your organisation reduce downtime, minimise costs, and secure operations if an incident does occur.
Explore how Arctic Wolf’s security operations approach offers end- to- end security for your manufacturing organisation.
