Cyber threats on the rise in the manufacturing industry

As technologies become more interconnected, the potential cybersecurity threats and attack vectors are growing.

Increasingly companies are looking to adopt smart technologies to optimise production and decision-making in order to create businesses of the future. However, as reliance on autonomous and digital technology grows, so too does the risk of cyber-attacks.

The consequences of cyber threats can be severe, resulting in production and revenue losses, regulatory fines, reputational damage, as well as the shutdown of critical infrastructures.

Cyber crime Image by TheDigitalWay from Pixabay
Once attackers have a foothold in an organisation, the tools and tactics used by them are usually designed to monetise their attacks by the simplest means possible

Smart systems 

This has been further compounded by the complexities and uptake of smart systems that use advanced technologies such as machine learning and the Internet of Things (IoT). Termed ‘Smart Manufacturing/Smart Mining’, South African industry leaders recognise that the terms encompass everything from Artificial Intelligence (AI) to robotics and cyber security.

PwC has issued a point of view on emerging cyber threats in the mining and manufacturing industries. The document focuses on emerging cyber threats affecting these sectors, with a focus on South African and other Africa-based organisations.

Although there are considerable benefits in the convergence of these advanced technological systems and the operational technology that makes up the backbone of the sectors, it is important to note that the reliance on such connected and internet-dependent systems is not without its own risks.

Junaid Amra, PwC Forensics Technology Solutions Leader says: “Organisations in the manufacturing and mining sectors face a myriad of different cyber threats. A number of organisations have not been paying enough attention to these threats. They are also not prioritising the implementation of the appropriate mitigation strategies, whilst threat actors are starting to take an interest in organisations operating in this space.

“Due to the increasing level of technology adoption, the consequences of attacks on organisations in these sectors can be far-reaching and potentially devastating. It is therefore important for businesses to understand key risk areas, attack vectors and vulnerabilities to ensure that they employ the correct controls to improve security and protect their assets.”

The technologies most targeted by attackers within these sectors are Industrial Control Systems (ICS). ICS are embedded computer devices that are responsible for a myriad of automated process controls in industries (e.g., measuring instruments, packaging machinery and all other components of an assembly line that make parts of any production process.

Amra adds: “The COVID-19 pandemic has further exacerbated the problem of cyber-attacks. According to international research there was an uptake in intrusion activity in the manufacturing sector in 2020, as well as several cybersecurity incidents in some country’s mining and resources sectors.”

PwC’s paper highlights the different threats to ICS technologies and the profiles of the actors perpetrating these attacks. It also focuses on notable incidents to help demonstrate the complexity and subsequent impact of ICS attacks.

Attacker tactics, techniques and procedures

PwC’s global Threat Intelligence practice recognises four types of motivations driving attackers, namely espionage, hacktivism, terrorism/sabotage and organised crime. There are also a range of different tactics, techniques and procedures used by each attacker. This not only determines the impact of each attack but also the means by which organisations get targeted and subsequently compromised. It is also notable that insiders can be part of any threat group.

Organisations who are mindful that a security breach can take several different forms and originate from several different places are in a better position to imagine ways of implementing the correct defences.

Visit the official COVID-19 government website to stay informed: sacoronavirus.co.za