Cybercriminals target manufacturing more than any other sector, according to an article published by the World Economic Forum. Data in the article shows that the manufacturing sector has been the #1 cybercrime target over the past three years. The reasons why cybercriminals select manufacturers are clear. They include the sector’s low tolerance for downtime, as well as manufacturing’s embrace of AI, cloud, robotics, IIoT, and complex supply chains – which if not secured can provide opportunities for hackers.
The combination of these factors makes manufacturing supply chains a favored target. Therefore, to reduce the amount of cyberattacks, the industry at large must respond through strong, vigilant action.
A supply chain cyberattack typically targets a supplier, vendor or software developer, and introduces malware, often in what appears to be a software update. The goal of this form of attack is to have the malware rapidly spread and infect other businesses in the supply chain. Once distributed, the malware enables cybercriminals to access each company’s data and networks, shut down email or other functions, and hold businesses for ransom.
Vulnerabilities in the Supply Chain
Supply chain cyberattacks are on the rise due to the expanded attack surface that comes from the increased use of cloud services, beacons, sensors, inventory robots, and other technologies. In addition, the IIoT used to connect devices in manufacturing systems via IT networks also connect to OT networks, providing more pathways for attacks.
As manufacturers rely on IIoT for automation and analytics, as well as cloud applications and machine learning for predictive maintenance and smart manufacturing, they in turn rely on more software that can be vulnerable to malware. Given the risks associated with supply chain attacks–lawsuits, reputational damage, terminated contracts, supply chain disruptions caused by partner downtime, etc.–the need for enhanced cyber protection is greater than ever.
A Zero Trust Approach is in Order
Adopting a Zero Trust architecture enhances supply chain security by eliminating automatic trust in device and employee verification processes, including automated software updates. If a compromised update contains malware, it won’t pass strict verification checks.
Zero Trust Network Access (ZTNA) grants access based on user identity and context, including which applications are being accessed. Users are classified by business roles and required access levels. The system assesses the context of each request, including the user's location, device, time of day, and device security. “Never trust, always verify” is how ZTNA operates, continuously verifying user access sessions. This limits an unapproved user or an attacker's ability to move deeper into the network.
The architecture helps organizations prioritize traffic and enables approved users to securely access SaaS and cloud applications across the supply chain, enhancing resilience against third-party security risks while protecting partner relationships. However, implementing Zero Trust can be challenging due to a lack of understanding about the framework, or incorrect implementation.
Gartner predicts that while 60 percent of organizations will adopt Zero Trust by 2025, over half will fail to realize the benefits. It’s therefore critical for businesses to invest time in educating their teams and customers about the implementation of Zero Trust, whether this is through internal training or working with an experienced partner that can offer tailored solutions.
Remember, a supply chain is only as strong as its weakest member. In addition to adopting Zero Trust architecture, partners must communicate and collaborate via shared information systems and regular meetings to anticipate potential threats and coordinate their responses. Strong vendor relationships and SLAs, risk management frameworks, and more can help companies work together to quickly spot and correct potential security gaps before they lead to supply chain cyberattacks that can halt production–hurting businesses and their customers.
Tom Major serves as SVP of Product Management at GTT.