Cyber risks facing the manufacturing industry: Will you be able to respond and recover from ransomware?

Unpredictable and fast-moving, a ransomware attack will test business resilience.

Ransomware is the fastest growing cyber-crime and a significant risk to businesses of all sizes, many of which do not have a comprehensive recovery plan or staff training procedures in place to reduce this risk. [1] Criminals are taking advantage of this lack of preparedness, causing substantial disruption and damages, for financial gain.

Ransomware: What it is and how it can impact business

Ransomware is a type of malicious malware that can encrypt, delete of steal files, preventing the user from accessing their data or computer  until a ransom payment is made. [2] It is important for corporate leaders to be aware of how ransomware can infect a computer system. The most common channels include the following:

• Unsolicited emails containing downloadable malware attachments;
• Unpatched software vulnerabilities in operating systems, web browsers, browser plug-ins or applications;
• Data transfer between computers via USB memory sticks.

According to The Economist, data has become the world’s most valuable resource and the dependency on integrated technology systems for highly efficient operations make businesses vulnerable to a cyber-attack. [3]  In the 2019 Cybercrime Report by Cybersecurity Ventures it predicts that ransomware damages will cost $20 billion globally by 2021 and that a business will fall victim to an attack every 11 seconds. [4] During a ransomware attack sensitive commercial data such as intellectual property and personal data held about employees is exposed to uncontrolled risk – this is a key concern given the increased sensitivities surrounding GDPR fines. In addition, due to ransomware’s paralysing effect on IT systems, business competitiveness can be impacted due to a lack of productivity, data control, financial loss and long-term reputational damage.

Risks to manufacturers

Ransomware is one of the most significant threats to manufacturers in 2020 and is progressively becoming targeted by coordinated advanced ransomware attacks. [5] Given this industry is dependent on complex technologies to drive efficient production lines and innovation to remain competitive, it makes it attractive to cyber criminals, where maximum disruption would cause substantial financial gains. Other incentives include poor investment into cyber-security infrastructure and unguarded industrial control systems (ICS). [6]

Case studies: Learning from past ransomware attacks

Within the last year, a number of European-based producers have fallen victim to extensive malicious malware breaches on their systems. Recently, on January 13 2020, Picanol, a manufacturer of weaving machines based in Belgium suffered a large-scale ransomware attack on their computerised production systems, causing financial loss. [7] A similar case occurred previously in June 2019 as ASCO, a manufacturer of aircraft parts, fell victim to a ransomware attack that severely disrupted their production lines globally, with operations coming to a standstill across Belgium, Canada, Germany and the United States. [8] This attack followed the high-profile ransomware attack on Norsk Hydro, one of the world’s largest producers of aluminium in March 2019. [9] The impact was so severe that the company’s shares fell by 3.4 percent and aluminium prices soared on the London Metal Exchange. [10] It has been reported that the company suffered a financial loss of more than $40 million in the week following the attack. [11]  These cases highlight the severe impact that ransomware can inflict on large-scale manufacturers and the need for robust risk management programmes.

The risk to manufacturers has a sound foundation. In the 2016 Deloitte and, Manufacturers Alliance for Productivity and Innovation (MAPI) study, it reports that 40 percent of manufacturing firms experienced a cyber-attack from 2015 - 2016, with 38 percent suffering over $1 million in damages. The study also found that although 87 percent of manufacturing companies have a disaster recovery plan in place, only 37 percent have the plan in a tested state. [12]

More recent figures suggest manufacturing companies have been slow to improve their cyber-risk management. In the 2019 Deloitte and MAPI Smart Factory Study, 1 in 4 manufacturers surveyed did not carry out a cyber-risk assessment in the past year, potentially turning a blind eye to the impact of a cyber-attack. [13] The report also found that 4 in 10 manufacturers surveyed revealed that cyber-attacks affected their operations within the last year, with an average financial loss of $330,000. [14] Alarmingly, the study highlighted that between 2017 and 2018, ransomware related incidents increased threefold. It is suggested that the cause of increased cyber-attacks in the manufacturing industry is due to a misalignment between Informational technology (IT) and operational technology systems. [15]

Furthermore, there has been a disturbing development in the ability for ransomware to target specific industrial control systems (ICS), such as those used in manufacturing facilities. [16] SNAKE or EKANS, the malware behind this surfaced in December 2019 and has been designed to encrypt the software used to monitor infrastructure. An example of this would be factory robots on a production line, whereby an attack could take control away from employees ensuing life-threatening consequences, in turn resulting in costly claim settlements.

As ransomware attacks become more sophisticated, manufacturers must take a proactive and strategic approach to cyber-risk management. This is not only important to maintain business continuity but also for stakeholder management, not least in terms of relationships with suppliers and customers.

Risk Management: Steps to take

Cyber risk will be unique to each business and therefore risk management and awareness of what you have to protect is key.  In case of attack it is important that an effective recovery and communications plan and a comprehensive cyber insurance policy have been put in place.

Other steps to take include:

• Back up your data
• Use antivirus software and activate your firewall to ensure network security
• Regularly patch your operating systems and applications;
• Control the use of USB drives and Memory Cards.
• Supply chain and vendor risk management.

In our Cyber Security Guide we outline additional steps to take:

• Secure passwords policy and two-factor authentication
• Restricted user access and management of user privileges
• Cyber Essentials Certification
• A cyber insurance policy

Recent figures show that 90% of data breaches are a result of human error. [17] Examples of cyber security threats caused by human factors include: poor password security, mis-delivery of sensitive information and accidentally clicking on malicious links and attachments in emails.

Manufacturers must ensure that their employees receive training to improve and support their cyber security strategy. The National Cyber Security Centre (NCSC) provides 10 Steps to Cyber Security plan and a number of free online training tools for businesses:

• Having plans in place should things go wrong: test and practice your business cyber incident response using the ‘Exercise in a box’ tool. 
• Reducing cyber incidents caused by employee behaviours: educate your employees using the ‘Top Tips For Staff’ training tool.
• Managing third party cyber security risk: set out security measures for suppliers and partners, and train your staff in procurement roles on how best to protect commercially sensitive information using this online course.

Whilst Cyber Insurance will not protect you from an attack, it allows for some of the financial risk to be transferred and assist with mitigating disruption. Cyber Insurance with its unique service led proposition can provide critical incident response expertise.

References:

[1] https://www.herjavecgroup.com/wp-content/uploads/2018/12/CV-HG-2019-Official-Annual-Cybercrime-Report.pdf       

[2] https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

[3] https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data

[4] https://www.herjavecgroup.com/wp-content/uploads/2018/12/CV-HG-2019-Official-Annual-Cybercrime-Report.pdf

[5] https://www.kennedyslaw.com/thought-leadership/sitting-ducks-manufacturers-targeted-in-vicious-ransomware-attacks

[6] https://www.oswaldcompanies.com/media-center/cyber-risk-concern-grows-among-manufacturers/

[7] https://www.picanol.be/news/press-release-cyber-attack-update-january-31-2020

[8] http://www.asco.be/news

[9] https://uk.reuters.com/article/us-norsk-hydro-cyber/aluminum-maker-hydro-battles-to-contain-ransomware-attack-idUKKCN1R00NJ

[10] https://uk.reuters.com/article/us-norsk-hydro-cyber/aluminum-maker-hydro-battles-to-contain-ransomware-attack-idUKKCN1R00NJ

[11] https://www.reuters.com/article/us-norway-cyber/norsk-hydros-initial-loss-from-cyber-attack-may-exceed-40-million-idUSKCN1R71X9

[12] https://www2.deloitte.com/content/dam/Deloitte/us/Documents/manufacturing/us-manufacturing-cyber-risk-in-advanced-manufacturing-executive-summary.pdf

[13] https://www2.deloitte.com/content/dam/Deloitte/us/Documents/energy-resources/cybersecurity-for-smart-factories-mfg.pdf

[14] https://www2.deloitte.com/content/dam/Deloitte/us/Documents/energy-resources/cybersecurity-for-smart-factories-mfg.pdf

[15] https://www2.deloitte.com/content/dam/Deloitte/us/Documents/energy-resources/cybersecurity-for-smart-factories-mfg.pdf

[16] https://dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/

[17] https://www.ncsc.gov.uk/report/weekly-threat-report-7th-february-2020