Why Manufacturing Industry is Prone to Ransomware Attacks

2017 was clearly a year of ransomware. We saw Locky, Petya, GoldenEye, WannaCry and their variants. The cases were pretty straightforward:

  • Machines get infected with ransomware
  • If it is a desktop, usually nobody cares and the drive is simply formatted.
  • If it is a server, all of a sudden it's a big deal.
  • Hackers ask for money in bitcoins.
  • Impacted users scratch their heads to figure out what to do.
  • They usually don't have a backup (or at least not a recent one).
  • They don't know if paying will really unlock the machine.
  • They typically do not pay and put in tons of hours to redo the lost work.
  • Some pay and actually receive the unlock key – and again do not take backups and get hit again.

Sarcasm aside, stories like these are being heard and ignored, and manufacturing industries are no exception.

    Why Are Manufacturing Companies in Trouble?

    It is easy to believe that finance companies and banks would be the typical targets. While that is true to some extent, hackers can extract more money by targeting manufacturing units. This is solely because if the ransomware can disrupt the entire manufacturing process, the ransom amounts can carry a bigger price tag. That's especially true lately, because with IoT in the picture, an attack can practically render an entire automated process useless and bring the plant to a screeching halt.

    Manufacturing companies typically lack focus on IT, although they deploy IoT devices and SAP systems on cutting-edge IT infrastructure. Even today, in manufacturing companies the IT department is looked at as an overhead and not an investment. They tend to depend too much on vendors for firewall configuration, desktop endpoint management etc. The following are a few areas where manufacturing companies (big or small) fall short, which leads to ransomware attacks.

    1. Lack of correct firewall configuration

    2. Missing or inadequate patching system

    3. Liberal access to servers (especially databases)

    4. Inadequate control over USB usage and other media handling

    5. Missing or improper BYOD policy

    6. Missing plant-to-plant security

    7. Missing security monitoring

    8. Lack of cyber security awareness

    It's very important to remember that the weakest link in cyber security is a process and not people. This is especially important while walking the path towards Industry 4.0, IoT and Just-In-Time manufacturing.

    Good news about prevention techniques

    Here is the good part of the story. By nature and culture, manufacturing companies are very process-oriented, unlike IT companies. I have seen that IT companies take their own data security for granted because they are technical people. Unfortunately, they lack the process discipline that keeps things tight. This is not the case with manufacturing units, where practices such as Kaizen are still prevalent and actually followed.

    In the case of manufacturing companies, if senior management can put in place the few basic measures listed below, the risk level can be drastically reduced. Needless to say, this can further lead to higher profitability. IT management should:

    • Realize that CNC machines and robots are also IT-connected equipment and hence can be attacked
    • Perform a network audit to find security gaps
    • Redesign the network to make it cyber-secure and not just functional
    • Deploy security management (patching, monitoring etc.)
    • Perform periodic vulnerability assessments of network and web systems (including SAP, ERP)
    • Train IT staff thoroughly and non-IT staff for awareness
    • Think of cyber security as an investment (especially when walking the path of IoT)