You are here
Manufacturing is a soft target for cyberattacks
If you see this text then your files are no longer accessible, because they have been encrypted,” read the message on the computer screen. “Please follow the instructions and send $300 of Bitcoin to the following address.”
With these words, a Cadbury’s factory in Tasmania was forced to close for three days in June 2017 when parent Mondelez International’s entire global IT network was knocked out by the Petya ransomware attack. With 500 employees and 50,000 tonnes of chocolate produced a year, the impact was significant – and not just on Aussie chocolate lovers.
To date, Cadbury’s is one of the unlucky few manufacturers in Australia to have been hit so hard by a
A shifting risk landscape
As one of the world’s largest commercial property insurers, this is just one of several worrying cyber-risk trends we’ve observed. Australian
The rise of indiscriminate attacks, like last year’s WannaCry and NotPetya, is one of the reasons why manufacturers are among the most impacted by cyber threats in recent years, according to our loss data. Due to the global interconnectedness of business operations, such untargeted attacks spread easily throughout the system. The Cadbury’s shutdown in Tasmania was part of a worldwide shutdown of Mondelez International.
The fact that these untargeted strikes are resulting in the greatest damage, negates the argument relied on by some business leaders. They say their business isn’t interesting
to potential attackers so they don’t need a comprehensive cyber-risk strategy or insurance policy. Yet although a targeted attack strikes fear into the hearts of executives and risk managers, the risk of becoming collateral damage should not be underestimated.
These attacks are also becoming more physical in nature, damaging property as well as disrupting operations. Imagine a wind turbine that gets hacked and spins out of control, causing millions of dollars in damage. As recently as 2015, there had been only two such recorded cases but tangibly destructive outcomes are now increasingly common.
Manufacturing under threat
Financial services companies were previously the most likely to be hit by
And it’s not just smaller or less sophisticated companies that are threatened. Our loss data shows large multinationals were badly impacted, with one major client taking 75 days to get operations back online.
Physical security has proven to be another reason why manufacturing is a soft target because people can walk into some facilities without checks. Globally, almost two-thirds
of the physical security deficiencies we’ve found have been in this sector. As companies become more technologically sophisticated, implementing more robotics and automation into their manufacturing processes, the attack surface will grow.
Resilience beats compliance
The threat landscape is evolving rapidly and cyber risk must be considered a business issue, not an IT or legal one. It’s a matter of ensuring resilience, not just compliance. This is because the extent of losses is determined largely by how long it takes your businesses to get back to normal – you can’t predict an attack but you should be prepared to respond.
There are three key aspects to managing cyber risk in the manufacturing sector – physical security, industrial control systems and information security. Boards and leadership teams looking to ensure their businesses are protected effectively must implement products, processes and educational initiatives taking each of these areas into account. These should be reinforced with appropriate insurance coverage based on a holistic view of cyber risk.
Our threat intelligence indicates that Australia is a medium-risk country when it comes to the potential for targeted
There’s a lot more than chocolate bars at stake when risk gets overlooked. Manufacturing accounted for about seven per cent of Australia’s total economic output in 2016. It employs close to a million workers, making it the sixth largest employer.
Source: Manufacturers' Monthly