That’s the odds of a manufacturing company being targeted for a cyber attack according to Symantec, a leading security software provider. While numerous recent headlines focus on banks, healthcare, even car cyber-hacking, some say that attacks against manufacturing companies appear to be a bit more stealthy, with the intent of stealing intellectual property. And don’t think that because you’re not a huge conglomerate, you’re safe. Typically the smaller the business, the easier it is to cyber-break in. If your company is targeted, your designs, your customer lists, your trade secrets, financial data, can be stolen, hugely impacting not only day-to-day business operations but also long-term strategies and plans.
Testifying before a Senate committee, a National Association of Manufacturers spokesperson said, “As holders of the world’s leading intellectual property, including designs, patents, and trade secrets, manufacturers are consistently targeted by cyber thieves.”
From Zombies to Worms: where your business may be compromised.
In tech talk, a zombie is a computer that’s been compromised by a hacker, most often by malware or a Trojan, and then made to move and store stolen information. Zombie Zero was described as sophisticated malware and typical of a ‘state sponsored’ attack--in this case, China. Once activated, the malware connected to the company’s wireless network and attacked computers belonging to the company, with a focus on systems related to finance and enterprise resource planning systems. After compromising the target’s finance system, the criminals behind Zombie Zero had access to corporate financial data, customer data, detailed shipping and manifest information. They were also able to monitor and control the company’s global shipping and logistics operations.
Cyber attacks have caused a pipeline to blow up. They’ve prevented a steel mill blast furnace from being shut down, causing the entire mill to become disabled. And they’ve been behind numerous stolen secrets, leading to counterfeit products.
In a case involving a leading manufacturer of video cameras, a competing executive stole valuable intellectual property. The company was sharing its IP via email with the executive’s former employer to explore a possible joint venture, and the executive used old log in credentials to gain access to the emails. One simple mistake—not immediately removing the former employee’s account after leaving for another firm—is extremely common. Because of this theft, the targeted company lost their competitive advantage derived from years of cutting edge research and development, greatly weakening its sales and strategic marketing position.
A white paper published by the National Defense Industrial Association cites a number of reports and statistics about the persistence of cyber attacks on manufacturers, including this statement from McAfee’s 2012 Threat Predictions: “Attackers tend to go after systems that can be successfully compromised, and industrial control systems have shown themselves to be a target-rich environment. The NDIA report cites three categories of concern for manufacturers; 1) Theft of confidential technical data 2) Alteration of data affecting process and product integrity and 3) Impairment or denial of process control, reducing manufacturing availability.
What Cyber Plans Have You Implemented?
We'd love to hear from you. What plans have you put into place to address cyber concerns? Feel free to comment on this blog post so others can learn from your best practices. Plus, complete our quick, 5-question anonymous survey. We'll share the results in a follow-up post.