In an ironic twist, CrowdStrike, a popular cybersecurity platform used to prevent cyber attackers from causing outages as well as data theft and ransomware attacks, turned out to be the source of an error that led to widespread disruption globally in July. Rather than a sophisticated attack, the cause of the chaos was a routine update of CrowdStrike’s endpoint detection and response (EDR) platform, Falcon, which triggered logic errors within Windows machines that led to crippling operating system crashes. As organizations across the globe take stock of the impact, CrowdStrike’s CEO George Kurtz has been called to testify before Congress about the cybersecurity company's role in what’s being called the largest IT outage in history.
It's estimated that Fortune 500 companies alone tallied more than $5 billion in direct losses, according to one insurer’s analysis of the incident. The healthcare and banking sectors were the hardest hit by CrowdStrike’s mishap, with estimated losses of $1.94 billion and $1.15 billion, respectively, per the analysis. While manufacturing is the largest sector by revenue, it fared better than other industries, losing approximately $36 million compared to annual revenue of $3.4 trillion across 130 companies. By comparison, the outage cost the six Fortune 500 airlines nearly $860 million.
Although manufacturers may have escaped this event relatively unscathed, the CrowdStrike outage should serve as a wake-up call to the potential for supply chain disruptions in the future.
The Unique Cyber Challenges for Manufacturers
Over the past decade, the manufacturing sector has undergone rapid digital transformation, embracing innovations such as digital twins, robotics, artificial intelligence, cloud computing, and the industrial Internet of Things (IoT). While these advances drive growth and efficiency, they also expose the sector to cyber threats. In other words, manufacturers’ new strengths introduce new weaknesses as well.
The manufacturing sector's increased sophistication has not gone unnoticed by bad actors looking for a lucrative payday. The World Economic Forum (WEF) recently reported that manufacturing has been the sector most targeted for cyberattacks for three years. It accounts for nearly 25% of attacks, with ransomware playing a role in 71% of the incidents. The WEF attributes manufacturing's particular vulnerability to ransomware to the sector's lack of cybersecurity maturity compared to other industries and its intolerance for downtime, which may impact the entire supply chain.
Some of the security challenges facing the manufacturing industry include:
- The compromise of Industrial Control Systems (ICS) and Operational Technology (OT): The use of ICS and OT systems to control and monitor physical processes, such as machinery and production lines, makes manufacturers vulnerable to cyberattacks, ransomware, and even sabotage.
- Theft of Intellectual Property (IP): Cybercriminals may target manufacturers to steal the IP they hold, including trade secrets and proprietary designs. Stolen IP can be used to gain a competitive edge or sold to other entities.
- Supply chain attacks: Cyberattacks targeting a manufacturer’s supply chain can introduce vulnerabilities through compromised software updates, tainted components, or other weaknesses, disrupting production, degrading product quality and possibly leading to data breaches.
Leveraging Strategies to Build Resilience
For all the efforts to prevent such mistakes from happening again, companies must acknowledge the likelihood that incidents like the CrowdStrike outage will increase in frequency and impact in the years to come, especially as the world becomes even more interconnected. This means organizations must focus on resilience and foundational security, which will provide the fortification needed to survive the inevitable future crisis and resume business operations with as little disruption as possible.
Manufacturers must embrace security best practices and fundamentals to build resilience, such as:
- Prioritizing attention to detail and disciplined execution of cyber hygiene – even those basics deemed routine.
- Better software review processes, including testing and quality assurance, designed to catch errors like the one in the CrowdStrike update and prevent them from being deployed in the final production version.
- Due diligence and acknowledgment that the next attack can come from anywhere, including trusted suppliers – like one of the most trusted and commonly used EDR platforms. This makes the focus on the supply chain even more important.
Manufacturers can build resilience by using redundant methods to perform critical tasks, ensuring continuous data backup, building alternate communication channels, and rehearsing for operating with diminished capabilities under adverse conditions. Taking proactive steps to eliminate redundant, obsolete, and trivial (ROT) data through sanitization is another strategy to reduce the threat footprint and the impact of a data breach, should one occur.
This approach has clear costs. A resilience-focused security strategy means that investments in these areas require a larger share of the existing security budget. In other words, backup systems for manufacturing floors and back-office applications should be considered the latest tools for improving primary systems.
The Importance of Staying Resilient
The future of security for today’s businesses, including manufacturing, will depend on our capacity to stay resilient in the face of emerging risks that we can't yet pinpoint. Relying solely on tracking trends and predicting threats won’t be enough. We must also scrutinize the assumptions that currently influence our understanding of security, from the manufacturing line's physical processes to the C-suite's decision-support tools.