Understanding the impact of mobile cyberattacks
World Economic Forum’s 2018 Regional Risks for Doing Business report ranked cyberattacks as the top threat to organizations in North America, Europe, and the East Asia and Pacific region.
Why? Because these are areas where manufacturing and technological advancements flourish, making them a breeding ground for cybercriminals.
Industries such as retail, healthcare, and financial institutions actually have typically invested in cybersecurity more than manufacturers, even though data breach news coverage may indicate otherwise.
Manufacturers that leave themselves open to security vulnerabilities are inviting hackers to take advantage of weak points in their technology which, in many cases, wasn’t built to suppress today’s digital threats. Still, according to Deloitte’s cyber risk in advanced manufacturing study, one-third of manufacturers say their cybersecurity budgets have remained flat or decreased over the past three years.
Regardless of motive, hackers now have more attack angles, across more devices, than ever before. By exploiting a single vulnerability, they are able to move laterally across network infrastructure.
Smart manufacturing, criminals
The success of domestic and nation state cybercrime in recent years, particularly in the manufacturing space, can largely be attributed to an inability to secure the Internet of Things (IoT). Ironically, these emerging technologies, while advancing business and industry, have contributed to never-before-seen levels of data breaches. This goes hand-in-hand with the proliferation of smart manufacturing, or Industrie 4.0, as industrial manufacturing continues to inch closer toward enhancing the customer experience.
All manufacturing is shifting to digital. From supply chain to production, distribution, and analytics, systems are getting smarter and more interconnected every day. Each one of these touch points represents a potential threat, and many integrate their controls or reporting with mobile devices.
These devices range from control systems to the smartphones of personnel on the shop floor. And they’re often intentionally ignored by IT and Information Security professionals in favor of improving business performance rather than promoting mobile security. Yet, they present all of the same threats that an employee’s PC could – and then some.
Mobile security breaches
Regardless of the source of a breach, the consequences can be dire for manufacturers. However, information technology (IT) security professionals said mobile devices are the hardest enterprise asset to defend.
Some of the negative impacts a manufacturer can expect from a cyber attack include:
- Financial losses – The cost of a data breach averages $7.91 million in the U.S., and $3.86 million globally.
- Lost productivity – A breach can seriously disrupt or even halt production, leading to bottlenecks, production errors, and customer attrition.
- Government scrutiny – Investigations, fines, and lawsuits await companies who are breached – especially now that strict sanctions have been imposed through the SEC, GDRP, PIPEDA, and national agencies.
- Identity theft and fraud – One in three victims of a data breach later go onto experience an identity crime. These employees, customers, and partners, who will be looking to the company to correct the damages.
Prepare for mobile threats
There’s no way to entirely prevent a data breach from occurring, and it’s next to impossible to properly institute a mobile security policy in light of Bring Your Own Device (BYOD). But, by doing nothing, companies are almost guaranteeing a breach will occur via a mobile device connected to their network.
The most important angle to cover is education.
Employee negligence remains the primary cause of all data breaches. Every worker, at every level of the organization, should undergo training on how to properly secure their mobile device, how to identify suspicious emails or links, the importance of not connecting to public Wi-Fi, and who they should report an issue to immediately if they suspect something is wrong.
On the more technical side, IT teams should research software to help them better secure mobile devices at their facilities. For instance, rolling out mobile application management (MAM) for their corporate applications is a good way to start. These require passwords to access work emails, calendars, or any other sensitive data transmitted across the network.
There are also defense solutions that give IT teams a single-source view over all the mobile devices accessing their network. These tools detect any rogue applications, malware, or other threats that could pose a security risk. They alert administrators in real-time so they can take action before a breach happens.
Whatever cybersecurity initiatives a company entails, they need to allocate a portion of it to defending against mobile threats.