Cyber attacks are no longer limited to front office interactions with individual customers. The amount of data now integrated into smart products, manufacturing equipment and other machines that keep operations running is a sweet temptation for hackers. The threat of a cyber-attack and the potential fallout after a security breach pose new risks manufacturers should consider and act on.
And the threat is getting larger. Beyond the exposure of sensitive corporate data, the average total cost of a data breach was $4 million in 2016, up 29% since 2013, according to the “2016 Cost of Data Breach Study: Global Analysis” from Ponemon Institute and IBM. Worse, because 48% of breaches are malicious attacks, they cost more to remediate, the study found.
To reduce some of the risk, manufacturers are increasingly buying cyber insurance policies as a just-in-case strategy to protect their companies and factories, which are more computerized and digitally integrated than ever before, according to a Wall Street Journal article published in April.
Manufacturers paid $36.9 million in premiums for cyber-specific policies in 2016, up 89% compared to the prior year, the WSJ article stated, citing an Advisen Ltd. survey of more than 9,000 mostly U.S. companies.
This trend marks a departure from how cyber insurance was typically thought of and used. For years, consumer-facing businesses, such as retailers, financial and professional service companies and health institutions, bought cyber insurance policies to protect against customer data theft.
But now weak spots in the manufacturing sector are bringing attention to data-related security gaps. They are also widening the insurance scope from traditional factory property and casualty policies, which often require physical damage to the plants before insurance money is paid, to more cyber-specific policies.
An incident earlier this year involving healthcare OEM Abbott Laboratories and their recently-acquired St. Jude Medical implantable cardiac devices highlighted how manufacturers are exposed to potential security breaches. U.S. Federal Drug Administration officials found that vulnerabilities in the device’s transmitter could give hackers access to the device, allowing them to deplete the battery or administer incorrect pacing or shocks, according to a CNN report.
And in early April, researchers from security firm Radware discovered BrickerBot attacks that aim to destroy routers and Internet of Things devices. Over a four-day period, Radware’s honeypot recorded 1,895 PDoS (permanent denial-of-service) attempts performed from several locations around the world. Its sole purpose was to compromise IoT devices and corrupt their storage, according to the company’s website.
“Imagine a fast-moving bot attack designed to render the victim’s hardware from functioning. Called Permanent Denial of Service attacks (PDoS attacks), this form of cyber-attack is becoming increasingly popular in 2017 as more incidents involving this hardware-damaging assault occur,” Radware’s website noted. “Also known loosely as ‘phlashing’ in some circles, PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. By exploiting security flaws or misconfigurations, this type of cyber attack can destroy the firmware and/or basic functions of system. It is a contrast to its well-known cousin, DDoS attacks, which overloads systems with requests meant to saturate resources through unintended usage.”
With these kinds of attacks likely to become more prevalent in coming years, manufacturers will be hard pressed not to take these threats seriously.
How are you curbing the threat of a data-security breach on your factory floor or with your devices?