Significant exposure
Manufacturers present extremely tempting targets to thieves. Business associates and vendors within the supply chain, outsourcing, automation and the failure of equipment all increase the risk. Smaller, independent organizations may be challenged to allocate sufficient resources to network security in a world in which hacking and malware threats evolve very rapidly. For larger operations the biggest risk may be interconnectivity: if production facilities share systems, one small mistake or vulnerability can lead to a breach that results in significant and lasting reputational damage and loss of revenue.
According to The Manufacturer newsletter, “the rise of digital manufacturing means many control systems use open or standardized technologies to reduce costs and improve performance, employing direct communications between control and business systems.” This exposes vulnerabilities previously thought to affect only office computers. In essence, according to The Manufacturer, cyber-attacks can now come from both inside and outside of the industrial control system network.
Manufacturers also need to be concerned about cyber-attacks that would, a) interrupt their physical supply chain, and/or, b) allow access to their system via the third-party vendor, and then take steps to mitigate those risks. When Target and Home Depot were hacked several years ago, it wasn’t a direct attack on them but an attack on one of their third-party vendors. By breaching the vendors’ weak cyber security, the criminals were able to access the larger prize.
Payment Card Industry (PCI)
Commerce without credit and debit card payments is unimaginable. Whether at the point-of-sale, online, or through a call center, the manufacturing industry processes a staggering volume of credit card transactions. A breach of credit card information, which the card brands frequently detect before the organization even suspects any foul play, can result in fines, penalties, mandated computer forensic costs, legal fees, and worst of all, the inability to process payments.