Different studies demonstrate the responsibility internal actors have in terms of cybersecurity for their manufacturing businesses. This happens because they already have been granted access to the systems in order for them to fulfill their jobs, but access can result in privilege abuse.
- External actors account for the majority of cyberattacks in the manufacturing industry (75%), but internal actors carry out 30% of attacks, according to Verizon’s 2019 Data Breach Investigations Report.
- The motivation of attacks was financial in 68% of cases, espionage in 27% of cases with the remaining attacks labeled as either a grudge or fun.
- Attacks on manufacturing facilities resulted in compromised credentials in 49% of attacks and jeopardized internal data in 41% of attacks, the analysis found. A Deloitte survey found 40% of manufacturers had their operations affected by a cyber incident in the last year.
Avoiding Internal Actors Threats to Cybersecurity
Avoiding threats from internal actors could be a matter of training on good cyber hygiene, according to Deloitte Partner and IoT Security Leader Sean Peasley. “The malicious [internal] actor is a threat as well, but I would say there’s probably more potential impact because of just lack of knowledge, lack of caring by insiders,” said Peasley.
Proper network segmentation can also help to minimize the threat from internal actors by limiting access to applications or databases to specific employees. Segmentation keeps attackers on just one part of the network if they do make it in, he said.
Manufacturing companies will also need to provide remote access to vendors who maintain floor equipment. A solution that requires vendors to log in and only monitor their equipment while allowing the company to audit vendor traffic would help, he said.
Finding potential weaknesses will be the responsibility of formal programs within companies that set policy and review their current standing.
Regardless of where the threat comes from though, cyberattacks can leave operations struggling in their wake.