Log in
Log in
Or log in with
Twitter Twitter
Facebook Facebook
Apple Apple     
Sign up
Or log in with
Twitter Twitter
Facebook Facebook
Apple Apple     


Real-time Estimate Cboe BZX  -  12:13 2022-09-30 pm EDT
120.58 USD   -0.87%
09/29The Africa-America Institute Hosted its 38th Annual Awards Gala - Ceremony Honored the Remarkable Achievements of Africa and its Worldwide Diaspora
09/28UBS Adjusts International Business Machines Price Target to $112 From $118, Maintains Sell Rating
09/28International Business Machines to Redeem 2.875% Notes Due 2022
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Manufacturing Cyberattacks: Don't Ignore Until It Swims Up And Bites You

07/19/2022 | 04:09am EDT

The manufacturing industry was the most attacked industry in 2021, surpassing financial services, according to billions of data points analyzed by IBM.

Ransomware, the top attack type, accounted for nearly a quarter of the attacks on manufacturing companies.

In the past, cyberattackers focused their attention on the financial, healthcare, retail, and energy industries, allowing many in manufacturing to sail by on the belief that threat actors were not interested in them.

Several factors have combined in recent years, however, to make manufacturing the preferred prey.

Increased utilization of internet-connected operations and industrial control systems, the Industrial Internet of Things, increased security and regulation within other heavily targeted industries, an expanded remote workforce, and other workforce vulnerabilities all act like chum in the ocean to attract predators.

In the past, the sharks may not have shown much interest in manufacturers, but now, "You're gonna need a bigger boat."

Phishing Attacks

Phishing attacks, while targeted at various industries, have been increasing year-over-year in the manufacturing industry, which is now a top target for phishing attacks each year.

A phishing attack tricks the target into opening a malicious email attachment or website by spoofing the identity of the sender.

The attachments and websites contain trojans or other malware that are downloaded and scan systems for vulnerabilities to exploit and/or data to collect—either to be held for ransom or sold on the dark web by the threat actor.

The manufacturing industry is particularly vulnerable to phishing attacks because of legacy equipment, which is fairly easy for attackers to exploit, fragmented security infrastructures attributable to location-based variations in hardware and software technologies being utilized, and large workforces with varying levels of information technology expertise and training.

In addition to ransomware and phishing attacks, manufacturers are also frequently targeted for intellectual property theft, IIOT attacks, and supply chain attacks, where the threat actor infiltrates an organization through a third-party vendor or supplier through viruses or malware in order to disrupt the manufacturer's operations and ripple delays through the entire supply chain.

Soaring Costs

Analysts predict global cybercrime costs to reach $10.5 trillion annually by 2025, more than triple the amount spent in 2015.

If your organization has purchased or renewed a cyber insurance policy, you likely felt the impact in your increased premiums and more rigorous underwriting process.

Cyber insurers raised premiums by a staggering 92% in 2021 according to information submitted to the National Association of Insurance Commissioners.

Those premiums increased by 34.3% in the fourth quarter of 2021 alone.

Notification Requirements

In tandem with the costs of responding to cyberattacks, the notification requirements to individuals and regulators have also been increasing in recent years, with states modifying their breach notification statutes to increase the scope of affected data that must be reported, and shorten the timeframe to do so, for example.

Most recently, and specific to manufacturers, in March Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which will require companies considered to be "critical infrastructure" to notify the Cybersecurity and Critical Infrastructure Agency within 72 hours of a significant cyberattack, and within 24 hours of making a ransomware payment.

While the law does not identify which critical infrastructure sectors will be covered by the reporting obligation, CISA's future rule-making may look to the 16 critical infrastructure sectors it has identified as vital to the U.S., which includes the critical manufacturing sector.

In the face of these increasing threats and compliance obligations within the industry, manufacturers must act now and make investments to defend and maintain production; to protect intellectual property, confidential information, and customer data; to avoid financial losses, and to safeguard against physical damage to machinery and other critical systems.

Cybersecurity Plan

A comprehensive cybersecurity plan is imperative, including the following (among other items):

  • Identification of systems, assets, and data, and the risks to each;
  • Protection of those systems, assets, and data with appropriate safeguards to ensure continuity of critical infrastructure and to limit or contain the impact of a cybersecurity incident (e.g., strong password rules, two-factor authentication, timely application of software patches, network segmentation, etc.);
  • Develop and implement the appropriate processes to monitor systems and detect a cybersecurity incident in a timely manner;
  • Develop and implement a detailed response plan, setting forth the appropriate actions to take when a cybersecurity incident occurs to contain its impact;
  • Develop and implement a recovery plan to restore operations and capabilities impacted by the cybersecurity incident; and
  • Training and education for employees at all levels about the dangers of cybercrime, how to recognize phishing and other threats, and how to report concerns or incidents.
  • Consider engaging professional cybersecurity experts and qualified counsel early in the development of a cybersecurity plan, and especially upon the occurrence of a cybersecurity incident.

    Most importantly—practice your response plan. No coach would expect a team to execute plays effectively merely by reading the diagrams in a playbook.

    The best conceived response plan will likely fail in several areas amidst the chaos of a cyberattack if your team has never simulated it, posing significant operational and compliance risks.

    This alert first appeared on CBIA's website and is published here with permission.

    The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

    Mr Marc C. Lombardi
    Shipman & Goodwin LLP
    One Constitution Plaza
    CT 06103-1919
    Tel: 860251 5000
    Fax: 860521 5099
    E-mail: lburns@goodwin.com
    URL: www.shipmangoodwin.com

    © Mondaq Ltd, 2022 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com, source Business Briefing

    09/29The Africa-America Institute Hosted its 38th Annual Awards Gala - Ceremony Honored the ..
    09/28UBS Adjusts International Business Machines Price Target to $112 From $118, Maintains S..
    09/28International Business Machines to Redeem 2.875% Notes Due 2022
    09/28Aktana Welcomes New Medical Affairs Lead from IBM Watson Health
    09/28International Business Machines Corp : Other Events (form 8-K)
    09/28Global Business Leaders Say Hybrid Cloud is Critical to Modernization, Yet Security, Sk..
    09/27International Business Machines, Saudi Data Authority Sign Agreement to Boost AI Adopti..
    09/27Saudi Data, AI Authority (SDAIA) and Ministry of Energy Partner with IBM to Accelerate ..
    09/27Saudi Data, Ai Authority and Ministry of Energy Partner with IBM to Accelerate Sustaina..
    09/26Evercore ISI Reiterates International Business Machines In Line Rating, $140 Price Targ..
    More news
    More recommendations
    Financials (USD)
    Sales 2022 59 877 M - -
    Net income 2022 5 867 M - -
    Net Debt 2022 36 436 M - -
    P/E ratio 2022 19,0x
    Yield 2022 5,42%
    Capitalization 110 B 110 B -
    EV / Sales 2022 2,44x
    EV / Sales 2023 2,31x
    Nbr of Employees 282 100
    Free-Float 40,0%
    Duration : Period :
    International Business Machines Corporation Technical Analysis Chart | MarketScreener
    Full-screen chart
    Short TermMid-TermLong Term
    Income Statement Evolution
    Mean consensus OUTPERFORM
    Number of Analysts 17
    Last Close Price 121,63 $
    Average target price 143,10 $
    Spread / Average Target 17,7%
    EPS Revisions
    Managers and Directors
    Arvind Krishna Chairman & Chief Executive Officer
    James J. Kavanaugh Chief Financial Officer & Senior VP-Operations
    Juan Antonio Zufiria Senior VP-Global Technology Services
    Kathryn W. Guarini Chief Information Officer
    Andrew N. Liveris Independent Non-Executive Director
    Sector and Competitors
    1st jan.Capi. (M$)
    ACCENTURE PLC-37.70%163 368
    SALESFORCE.COM, INC.-42.23%146 663
    INFOSYS LIMITED-25.91%71 874