Prior to the COVID-19 pandemic, manufacturers were gradually shifting to digital technologies in what the industry calls the Fourth Industrial Revolution, also known as Industry 4.0. When the pandemic began, manufacturers accelerated their digital transformations as they retooled their production lines and back-end operations to meet shifting customer demands, product cycles, and time-to-market schedules, as well as COVID-19 safety protocols.
Even though Industry 4.0 was in full swing prior to the pandemic, it’s still a relatively new concept. Many manufacturers that raced to adopt digital technologies over the past year lack experience with it, and they’re unsure how to tackle the new cybersecurity risks that come with digital transformation. Nearly half (48%) of manufacturers surveyed by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) said that operational risks, including cybersecurity, posed the greatest threat to smart factory initiatives.
Manufacturers have long been targets for cyberespionage perpetrated by nation-state actors or competitors who are seeking to steal digital intellectual property (IP), such as product design schematics. Often, cyberspies enlist the help of malicious company insiders. Verizon found that 27% of cyberattacks on manufacturers involved espionage activities, and 25% of attacks involved company insiders misusing their credentials.
Cybercriminals are also increasingly targeting the operational technology (OT) systems that manufacturers rely heavily upon. These highly specialized hardware and software solutions monitor and control the physical equipment and processes used on today’s smart production lines.
Cybercriminals Attack IT Systems to Get at Operational Technology (OT) Systems
Prior to Industry 4.0, OT and IT systems were typically siloed from each other, shielding OT systems from cyberattacks. However, as manufacturing became cloud-based and data-driven, IT and OT networks became interconnected. While this interconnectivity enables holistic management of production systems, it enables cybercriminals to use IT systems as backdoors into OT systems.
Cyberattacks on OT systems can have serious real-world ramifications, including production bottlenecks, damage to expensive plant equipment, and threats to human health and life. The BBC reports that in 2014, cybercriminals used a spear-phishing campaign to obtain user credentials to a German steel mill’s corporate IT network. Once inside the mill’s IT systems, the cybercriminals accessed OT systems and manipulated the controls for a blast furnace, causing massive physical damage.
OT systems are also vulnerable to ransomware attacks. BleepingComputer reports that in October 2020, Steelcase, the world’s largest office furniture manufacturer, suffered a ransomware attack that forced it to shutter operations for two weeks. It is believed that attackers used a compromised set of admin credentials to access Steelcase’s network and deploy the ransomware payload.
Enterprise Password Security Reduces Manufacturers’ Cyber Risks
Password security is a great starting point for manufacturers to reduce their cybersecurity risks. Verizon estimates that over 80% of successful cyberattacks are due to weak or compromised passwords, and 55% of manufacturing industry data breaches target user credentials.
Keeper enables manufacturers to address enterprise password security organization-wide and protect both their IT and OT systems. Using Keeper’s zero-knowledge password management and security platform, IT administrators gain complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies, including strong, unique passwords, multi-factor authentication (2FA), role-based access control (RBAC), and other security policies. Fine-grained access controls allow administrators to set employee permissions based on their roles and responsibilities, as well as set up shared folders for individual departments, project teams, or any other group.
Keeper takes only minutes to deploy, requires minimal ongoing management, and scales to meet the needs of any size organization. Not a Keeper customer yet? Sign up for a 14-day free business trial now! Want to find out more about how Keeper can help your organization prevent security breaches? Reach out to our team today.