Create a free Manufacturing.net account to continue

The Weakest Link in Manufacturing Cybersecurity

An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain.

Isla Sibanda
Apr 4, 2024
People Cyber Metamorworks
iStock.com/metamorworks

An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain - human error. While safeguarding against sophisticated hacking techniques and malware, many cybersecurity strategies often overlook simple mistakes made by employees. So let’s focus on the common errors made by employees in manufacturing that leave businesses exposed - from unintentional data leaks to phishing scams.

Around 25 percent of all cyberattacks worldwide target manufacturing, and in the U.S. the average cost of a data breach is almost $4.5M.

Human error is a key issue. One of the key reasons manufacturing companies appear to be easy prey for cybercriminals is a general reliance on legacy systems while incorporating newer, advanced technology. This is because a lack of compatibility creates a large number of security gaps, makes systems difficult to manage, and results in a complex network that becomes almost impossible to audit. 

Eliminating human error from the equation also means making some tough choices for the sake of security—even if it’s finding an AWS alternative or having to undergo rigorous training, it’s worth it due to the sheer magnitude that human error plays in today’s manufacturing facility cybersecurity. 

Technological Security Risks

Before we address human error as a weak link in manufacturing cybersecurity we should first understand the technological vulnerabilities that can also leave organizations open to attack. 

  • Legacy Systems. Most legacy systems in the manufacturing industry lack sufficient security, making them an ideal target for cybercriminals. Manufacturing businesses are often painfully reliant on older, specialized equipment and machinery. With new replacements either not up to the job or too costly for a full refit. As such, the industry remains full of vulnerabilities that cannot be mitigated without significant expenditure.
  • Large Digital Footprints. Manufacturing companies are typically huge in terms of their workforce, buildings, and digital footprint. This large digital footprint means the attack surface of the organization is also very large, possessing more vulnerabilities than a much smaller company. In some cases, a business may have millions of individual nodes (devices, systems, and services), resulting in millions of vulnerabilities. 
  • Extensive IoT Networks. IoT (Internet of Things) has revolutionized many industries, including manufacturing, helping to improve monitoring and communication. However, many IoT devices work on outdated software due to the complexity of managing and updating each device regularly.

Human Error: Your Weakest Link

Manufacturers are typically large, with numerous departments, third-party vendors, and a significant workforce. This means a lot of potential human error, regardless of how well-equipped the organization may be in terms of its cybersecurity systems. Humans often ignore security protocols, whether that is accidentally or just corner-cutting. This leave them open to social engineering attacks, falling victim to a phishing scam, failing to protect their login details, forgetting to update their devices, and so on.

Human error isn’t just the stereotypical blunder in the form of an opened phishing email or a botched line of code. It can be the choice of a wrong cloud provider, resulting in vendor lock-in, or something more sinister like having a mole on the inside of using SAP consulting services from a company not well-versed in working with industrial clients.

Although not unique to the manufacturing industry, the five human errors below are the most likely scenarios for a data breach within an organization - potentially resulting in significant downtime and huge expense. 

  1. Poor Password Management. Passwords can be hacked at amazing speeds, with a recent study showing that a 12-character password made up of just numbers can be hacked in 25 seconds. This is why passwords must contain upper-case letters, lower-case letters and symbols to provide sufficient security. According to the study, this type of password would take a few hundred years to crack using the same software. Unfortunately, lots of people take the easy option, reusing the same, low-strength password across a wide number of channels, both personal and at work. This is why manufacturing needs to invest in training to teach employees about the importance of password management. Creating a culture where only strong passwords are used, with different ones for each device or system, ensuring they are updated regularly, and an effort is made to store them securely. 
  2. Not Updating Software. Many employees have work laptops, work cell phones, or use IoT devices on a daily basis. Too often, the prompts to update these devices with the latest patches and security settings are ignored or delayed, creating an opening for cybercriminals. Even utilizing a simple PDF editor can be an unwitting invitation to overly curious cyber criminals who want to attack the facility. Of course, these devices could be updated automatically but this is not viable for some larger organizations that may use multiple systems and networks. In this regard, vulnerability assessment and pentesting (VaPt) software can be a great aid, as it tests the imperviousness of your systems in the first place, allowing you to estimate how much of your resources you should allocate to mitigating the potential consequences of human error. 
  3. Mishandling of Data. The mishandling of data and general carelessness in the workplace is a major vulnerability in manufacturing. This could include accidentally sending sensitive information to the wrong recipient or the unintended publishing of information.
  4. Allowing Unauthorized Access. Remote working means an employee’s family and friends may have access to company devices, such as a laptop. Although innocent on the surface, this could result in unauthorized software being installed, changes to settings and configurations, accidental leaking of information, or downloading malicious files from the internet. As well as a breach of data policies, this unauthorized access could facilitate a major cyberattack that could cost a company millions of dollars.
  5. Minimal Security Awareness. Fundamentally, all of the above comes down to a lack of security awareness. Without training, an employee may not understand the consequences of clicking a potentially malicious link or allowing their child to use a company device. This lack of security awareness is why cybercriminals see human error as the biggest weak link in an organization. 

From dedicated training courses to simple security protocol reminders, the importance of establishing a strong cybersecurity culture is paramount. Manufacturing companies can invest in sophisticated cybersecurity systems, employ highly skilled IT professionals, and develop a robust data protection strategy. However, this could all count for nothing if employees lack security awareness and are not fully trained on security protocol.

From opening malicious links in emails, using poor passwords, and failing to update devices, human error accounts for a large percentage of cyber attacks in the industry. This is why awareness needs to be the priority for all manufacturers in the coming years.

Latest in Cybersecurity
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sponsored
Specialty Food Producer Achieves Growth and Traceability with MRP Software
April 5, 2024
Ep90
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Transportation and Logistics Under Siege
April 24, 2024
Industrial Cyber
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
April 24, 2024
Related Stories
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
Ep90
Cybersecurity
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sponsor Content
Specialty Food Producer Achieves Growth and Traceability with MRP Software
More in Cybersecurity
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sponsored
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sales Manager Karen Addenbrook: "It has been terrific for our business and made us enormously more efficient."
April 5, 2024
Ep90
Cybersecurity
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Ap24114558425503
Cybersecurity
UnitedHealth Says Wide Swath of Patient Files May Have Been Taken in Cyberattack
Screen shots containing protected health information or personally identifiable information were posted.
April 24, 2024
Coding
Cybersecurity
CISA Releases 7 ICS Advisories
Unitronics, Rockwell and Mitsubishi head the list.
April 19, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Cybersecurity
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Ap24107471702533
Cybersecurity
Cyberattack Costs Hit UnitedHealth in Q1 That Still Turns Out Better than Expected
UnitedHealth is still restoring several services from the February attack.
April 16, 2024
Siemens Image 1
Cybersecurity
An Automatic Cyber Response Solution
The platform works to isolate and quarantine the infected production equipment during an attack.
April 11, 2024