Manufacturing is the 2nd most attacked industry right behind healthcare, and in most cases, they are the least prepared. With email being the top delivery method of these attacks, it must a focus of attention for security. There are a myriad of goals that the attackers may have, but the one definite fact is that if they succeed in their attack, it be expensive, damage your reputation, and if enough intellectual property is stolen, it will have long term impacts on the viability of your business.
WannaCry, which commonly entered through malicious email links and attachments, revealed one of the manufacturing sector’s biggest weaknesses: It was based on a virus that was created by the US National Security Agency to defeat Iranian uranium enrichment machinery. Most attacks were so successful because the software in many manufacturing devices was never updated.
Unlike other types of cybercrime, the primary motivation of manufacturing attacks is not to extort money or simply cause havoc, but steal trade secrets. Intellectual property theft appears to be the motive in over 90% of all attacks on manufacturing facilities.
Very often, the point of entry for malware that is seeking to steal information is an email. It works like this:
A Chinese hacking group, called Bronze Butler, stole ideas from Japanese manufacturers from 2012 to 2018 until it was discovered.
Some other motivations to cyberattacks on manufacturers include:
Phishing – Most types targeting manufacturers seek to exploit users by pretending to be a source that they trust. Nation states commonly will use phishing to bypass other network prevention measures. There are over a dozen different variants, some seeking monetary gain, while others may try to get the recipient to click a link which contains malware.
Ransomware – Hidden within attachments and links in email, this is a major threat to both productivity, data and reputation. It seeks to encrypt data and demand a ransom payment, usually in bitcoin, to get your data back. A network wide ransomware attack can hold data hostage, and cost thousands to recover from.
Malware – Contained within malicious URLs and attachments, is seeks to get onto the company network to steal information. Malware in email is the most effective way for bad actors to infiltrate a network without being caught.
There are number of places in a manufacturing facility where concerns can arise.
Mission critical planning – With complex manufacturing these days, there is little room for any form of delays from downtime, especially of your email. You need email threat protection continuity in place that is automatic that allows your users to continue working when your email is down and even alerts you by SMS when there is an issue with your mail server or provider. ContentCatcher has emergency inbox, hosted in our online portal for all users.
The Internet of Things (IoT) – Every device, from your your CnC machine to your printer is all linked to the network, via wired or even wireless connections. If you’re able to hack the CnC machine controller, you have a toehold into the entire network. A hacker can ride the link directly to the parts that they are seeking to get to. Email is a top tool for delivery for these types of threats.
Industrial control systems – Replacing equipment is expensive and not every device is designed to be used with the latest internet software. Industrial control systems tend to be outdated, hard to protect and, often, simply unprotected. Nonetheless, well-meaning management will seek to connect them to the internet to make them easier to work with and to be better able to track volumes, etc.
Interconnected networks – Throughout a large factory, there maybe different networks all linked to central hub. Once one part of the network is breached through a targeted email to the right contact with access, it is often fairly easy for bad actors to spread throughout the entire network and even to suppliers.
Lack of IT staff – The average manufacturer has only one IT staffer for every 200 people. That makes that one staffer responsible for overseeing all of the vulnerabilities of the systems and the actions of 200 people. Keeping up with email security issues along with dozens of other daily demands is just able to be done in the most effective manor due to time limitations. An advanced cloud based email security system like ContentCatcher eases the burden of email by removing any on-site appliances and offering full support users can rely on when IT staff is unavailable or has questions.
Protecting your email needs to be a top priority, especially given how expensive a single event can be, there are number of things that you can do to secure your email:
Implement NIST Framework – The National Institute of Standards and Technology has implemented a recommended framework for manufacturers. The framework can help to prevent issues by creating a national standard of practices and methods for all manufacturers.
Conclusion
Manufacturers represent a lucrative and easy-to-attack frontier for cybercriminals. The long-term effects of industrial espionage, not to mention damage to reputations, etc. can cost billions over the course of years. Advanced email security is inexpensive relative to the cost of a breach and needs to be in place as it is your first line of defense against email, the top attack vector.
With cyber threats increasing in sophistication, businesses are under pressure to try and stay ahead…
Cybersecurity has become an ever-critical concern for businesses of all sizes. In 2025, as remote…
In the world of compliance and auditing, businesses often have to grapple with a variety…
With the ever-evolving digital world, businesses are under constant attack in the cyber world, which…
Within this contemporary world, when cyber security threats are gradually becoming more innovative and more…
In today's digitized world, the protection of a business's IT infrastructure has become more crucial…