Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023

What were the most common cyber attack patterns in the manufacturing industry in 2023?

In support of Cybersecurity Awareness Month, we are examining reported incidents by industry. The focus of this article will be on manufacturing.

With a fourth industrial revolution upon us, the manufacturing industry is getting smarter by the minute with autonomous systems fueled by intelligent data sets and machine learning capabilities. But new technology breeds new vulnerabilities, creating new entry points for threat actors, such as supplier entities, operational software, Industrial Internet of Things (IIoT) devices and more. This invites opportunities for industry disruption.

So, what were the most common cybersecurity attack methods targeting the manufacturing industry in 2023?

According to the Verizon 2023 Data Breach Investigations Report (Verizon DBIR), 83% of all reported incidents in the manufacturing industry were from system intrusion, social engineering or basic web application attacks.

And external actors with financially driven motives continue to be the biggest thorn in the side of the manufacturing industry, with 90% of the reported incidents carried out by external parties and 96% of them being financially motivated.

System Intrusion and the Manufacturing Industry

For more than two years, system intrusion rates have risen across the manufacturing sector. System intrusion usually takes the form of hacking or malware, with ransomware accounting for the most breaches. But don’t discount Denial of Service (DoS) attacks.

The Verizon DBIR reports that DoS attacks account for 67% of the system intrusion-related attacks on the manufacturing industry. DoS attacks occur when threat actors flood a host or network with traffic until the target can’t respond or crashes altogether.

This can shut down critical manufacturing infrastructure, delaying a company or supplier’s ability to meet production deadlines. CISA recommends enrolling in a DoS protection service and creating a thorough disaster recovery plan that’s familiarized throughout your organization to ensure swift action can be taken to mitigate risk and/or recover in the event of an attack.  

Social Engineering and the Manufacturing Industry

With the growing volume of digital infrastructure in the manufacturing industry, it’s more important than ever to secure your digital ecosystem. Although not as prevalent as the system intrusion trend, we continue to see social engineering attacks hitting this industry, tricking people into providing access to sensitive information.

But the good news is there is a lot that can be done to reduce the threat of social engineering attacks, including but not limited to, advanced email filters, penetration testing, network segmentation and user awareness training.

Basic Web Application Attacks and the Manufacturing Industry

Don’t overlook your website as an entry point for attackers. In June 2015, the American clothing manufacturer, Hanesbrands, Inc., was hit with a website attack that compromised the online and telephone data of more than 900,000 customers.

The attacker pretended to be a guest customer checking on their order, using security gaps in the website design to access the customer database. Mailing addresses, phone numbers and the last four digits of payment cards were exposed in the process. Making sure you have the necessary security plugins and implementing a firewall are critical steps in encrypting and securing web-based communications.

This article is part of a series highlighting the most common cybersecurity incidents by industry and is based on data from the 2023 Verizon DBIR. Additional articles include:

It is important to note that the data referenced is from organizations that chose to disclose incidents and data breaches.

About Cybersecurity Awareness Month

Since 2004, the United States and Congress have recognized October as Cybersecurity Awareness Month to raise awareness about the importance of cybersecurity in the public and private sectors and tribal communities. The year marks the 20th year anniversary of Cybersecurity Awareness Month and this year's campaign, Secure Our World, focuses on four ways to protect yourself, your family and your business from online threats.

Related Resources

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected]

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.

 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Get the Low Down Before You Download: Exploring the Temu App’s Security Risks
Six-Figure Ransomware Attack Hits Washington County, PA
Romance Scams: Guarding Your Heart and Wallet
A First of Its Kind: The $25 Million Deepfake Scam
Fortifying Retail Security: Essential Cybersecurity Tools and Software
Defend Your Dollars and Data: How to Avoid IRS Impersonation Scams
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×