Six steps to stop manufacturers becoming the next ransomware headline

The manufacturing industry has a history of undergoing seismic shifts dictated by developing technology. Stretching back to the first industrial revolution, production and logistics processes have continually evolved. Today, we find ourselves in the midst of what is popularly called the fourth industrial revolution, or Industry 4.0. Digitisation and automation are driving the latest sweeping changes, enabling a connected, data-driven approach that has unlocked ever-greater levels of efficiency and agility.

Periods of change are always fraught with challenges and risk, however, and today’s manufacturing industry faces an unprecedented danger from cyber threats. As manufacturers continue to develop larger and more complex networks of connected, internet-enabled devices, they also increase their attack surface and present more opportunities for threat actors to exploit. In particular, these interconnected networks are very vulnerable to ransomware attacks.

Why manufacturers are a popular target for ransomware

While billions of pounds are being spent on digitising operations, security is all too often an afterthought and it’s common to find security practices lagging behind developing technology. What’s more, misconfigured and unsecured IoT components present an easy attack path for entering the network. Many IoT components in use today do not have security resilience built into them, leaving even well-configured environments vulnerable and in need of additional protections.

Cyber criminals have recognised both this weakness and the lucrative opportunity presented by targeting manufacturers. In particular, the industry is highly vulnerable to disruptive attacks such as ransomware. An infection can quickly lead to an entire operation grinding to a halt as systems become inaccessible or are shut down in a bid to halt the spread. Criminals know that every minute of shutdown is painfully expensive for their victims, and manufacturers will be sorely tempted to pay the ransom. Such attacks have serious knock-on effects as entire supply chains are disrupted by resulting shortages.
In May, a ransomware attack on US meatpacking company JBS shut down all of its plants, cutting off the source of almost a quarter of the country’s beef. In another recent case, Palfinger, an Australian company specialising in hydraulic systems and loaders, was hit by a major ransomware attack that took down its IT systems across the world.

So, what can manufacturers do to defend their IT infrastructure against these attacks and prevent themselves from becoming the next headline?

Six steps to security

Ransomware is an insidious threat that can quickly rack up billions of pounds in costs for manufacturers. However, the risk of attack can be greatly mitigated by following best security practices. Here are six of the most important things to get right:

1. Comprehensive auditing

Many organisations are not aware of the full extent of their IT environment, and it’s common to find that applications and devices have fallen off the radar. Assets left forgotten but still connected represent a serious security risk.

It’s impossible to protect something if you don’t even know it exists, so a comprehensive audit is essential for taking full stock of the entire IT estate. This should not focus only on identifying physical devices: software, system and user permissions, as well as weak access policies, also represent a major threat. Manufacturers should seek to understand how different assets are interlinked, and how a compromised machine will impact other devices and systems.

2. Expanding to third parties

Modern organisations sit in the centre of a complex web of suppliers, and attackers will exploit these connections to circumvent security defences. In one of the most prominent examples, the SolarWinds attack spread through a trusted software supply chain to impact more than 18,000 organisations.
It is therefore imperative that audits extend beyond the organisation’s own environment. Manufacturers need to be aware of all third parties in their supply chains, how they are connected to their IT network, and what their cyber security policies are.

3. Including the cloud

Manufacturers should pay particular attention to any cloud services used across the organisation, as poorly secured and misconfigured cloud databases and applications can provide threat actors with easy access to critical data and systems. Organisations need to ensure that cloud assets meet the same security standards as on-premises systems, with specific attention to user access and backups against ransomware or deletion.

4. Drawing up a roadmap

With a full assessment of both the internal and external IT landscapes, it’s time to create a roadmap for the future. This should account for any potential risks, gaps and vulnerabilities highlighted during the assessments, and a set of actions needed to resolve them. It’s important to set realistic goals that are properly resourced and accompanied by metrics to track progress. Assigning direct ownership of each task will also help to deliver strong outcomes. There are many industry frameworks available that can provide structure to get things moving; the NIST Cybersecurity Framework, for example, has a distinct profile for the manufacturing industry.

5. Communicating with the C-suite

A strong cyber security strategy requires buy-in from the organisation’s senior leadership. CISOs and other security heads must be able to effectively explain the company’s level of cyber risk to its board of directors and C-suite and secure their trust if they are to gain the budget and resources they require. Executives are unlikely to have security expertise, so communication should translate cyber risk into business language centred around the operational and financial impact of a breach.

6. Keeping it maintained

Cyber security is never a one-and-done activity. Once the foundations are set, manufacturers need to have a long-term plan for maintaining their defences and updating the strategy as internal and external factors change. Few organisations have the in-house expertise and resources for continual management and monitoring, so this is frequently outsourced to a managed security service provider (MSSP). This ensures that a dedicated team of security experts will always be on hand to handle both long-term maintenance and response to any security emergencies. MSSPs can also serve as valuable partners for carrying out audits and creating and implementing security roadmaps.

Planning and implementing an updated cyber security strategy to match modern manufacturing processes is no small task. However, the time and resources required are nothing compared to the cost of a serious data breach or ransomware infection – with a single attack often being enough to cripple or shatter an operation.

With proper planning and the right partners to help them, manufacturers can continue to expand their infrastructure and take on new technology without increasing their chances of making the headlines as the next big ransomware victim.

Written by Darren Van Booven, lead principal consultant at Trustwave and former CISO of the United States House of Representatives
