The Weakest Link in Manufacturing Cybersecurity

An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain.


An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain - human error. While safeguarding against sophisticated hacking techniques and malware, many cybersecurity strategies overlook simple mistakes made by employees. So let’s focus on the common errors made by employees in manufacturing that leave businesses exposed - from unintentional data leaks to phishing scams.

Around 25 percent of all cyberattacks worldwide target manufacturing, and in the U.S. the average cost of a data breach is almost $4.5M.

Human error is a key issue. One of the key reasons manufacturing companies appear to be easy prey for cybercriminals is a general reliance on legacy systems while incorporating newer, advanced technology. This is because a lack of compatibility creates a large number of security gaps, makes systems difficult to manage, and results in a complex network that becomes almost impossible to audit. 

Eliminating human error from the equation also means making some tough choices for the sake of security. Whether that means finding an AWS alternative or undergoing rigorous training, it’s worth it given the sheer size of the role that human error plays in today’s manufacturing facility cybersecurity.

Technological Security Risks

Before we address human error as a weak link in manufacturing cybersecurity we should first understand the technological vulnerabilities that can also leave organizations open to attack. 

  • Legacy Systems. Most legacy systems in the manufacturing industry lack sufficient security, making them an ideal target for cybercriminals. Manufacturing businesses are often painfully reliant on older, specialized equipment and machinery, with new replacements either not up to the job or too costly for a full refit. As such, the industry remains full of vulnerabilities that cannot be mitigated without significant expenditure.
  • Large Digital Footprints. Manufacturing companies are typically huge in terms of their workforce, buildings, and digital footprint. This large digital footprint means the attack surface of the organization is also very large, possessing more vulnerabilities than a much smaller company. In some cases, a business may have millions of individual nodes (devices, systems, and services), resulting in millions of vulnerabilities. 
  • Extensive IoT Networks. IoT (Internet of Things) has revolutionized many industries, including manufacturing, helping to improve monitoring and communication. However, many IoT devices work on outdated software due to the complexity of managing and updating each device regularly.

Human Error: Your Weakest Link

Manufacturers are typically large, with numerous departments, third-party vendors, and a significant workforce. This means a lot of potential human error, regardless of how well-equipped the organization may be in terms of its cybersecurity systems. Humans often ignore security protocols, whether accidentally or through corner-cutting. This leaves them open to social engineering attacks and phishing scams, and prone to failing to protect their login details, forgetting to update their devices, and so on.

Human error isn’t just the stereotypical blunder in the form of an opened phishing email or a botched line of code. It can be the choice of the wrong cloud provider, resulting in vendor lock-in, or something more sinister like having a mole on the inside or using SAP consulting services from a company not well-versed in working with industrial clients.

Although not unique to the manufacturing industry, the five human errors below are the most likely scenarios for a data breach within an organization - potentially resulting in significant downtime and huge expense. 

  1. Poor Password Management. Passwords can be hacked at amazing speeds, with a recent study showing that a 12-character password made up of just numbers can be hacked in 25 seconds. This is why passwords must contain upper-case letters, lower-case letters and symbols to provide sufficient security. According to the study, this type of password would take a few hundred years to crack using the same software. Unfortunately, lots of people take the easy option, reusing the same, low-strength password across a wide number of channels, both personal and at work. This is why manufacturing needs to invest in training to teach employees about the importance of password management. That means creating a culture where only strong passwords are used, with different ones for each device or system, where they are updated regularly, and where an effort is made to store them securely.
  2. Not Updating Software. Many employees have work laptops, work cell phones, or use IoT devices on a daily basis. Too often, the prompts to update these devices with the latest patches and security settings are ignored or delayed, creating an opening for cybercriminals. Even utilizing a simple PDF editor can be an unwitting invitation to overly curious cybercriminals who want to attack the facility. Of course, these devices could be updated automatically, but this is not viable for some larger organizations that may use multiple systems and networks. In this regard, vulnerability assessment and pentesting (VAPT) software can be a great aid, as it tests the imperviousness of your systems in the first place, allowing you to estimate how much of your resources you should allocate to mitigating the potential consequences of human error.
  3. Mishandling of Data. The mishandling of data and general carelessness in the workplace is a major vulnerability in manufacturing. This could include accidentally sending sensitive information to the wrong recipient or the unintended publishing of information.
  4. Allowing Unauthorized Access. Remote working means an employee’s family and friends may have access to company devices, such as a laptop. Although innocent on the surface, this could result in unauthorized software being installed, changes to settings and configurations, accidental leaking of information, or downloading malicious files from the internet. As well as a breach of data policies, this unauthorized access could facilitate a major cyberattack that could cost a company millions of dollars.
  5. Minimal Security Awareness. Fundamentally, all of the above comes down to a lack of security awareness. Without training, an employee may not understand the consequences of clicking a potentially malicious link or allowing their child to use a company device. This lack of security awareness is why cybercriminals see human error as the biggest weak link in an organization. 

From dedicated training courses to simple security protocol reminders, the importance of establishing a strong cybersecurity culture is paramount. Manufacturing companies can invest in sophisticated cybersecurity systems, employ highly skilled IT professionals, and develop a robust data protection strategy. However, this could all count for nothing if employees lack security awareness and are not fully trained on security protocol.

From opening malicious links in emails and using poor passwords to failing to update devices, human error accounts for a large percentage of cyber attacks in the industry. This is why awareness needs to be the priority for all manufacturers in the coming years.
