Many modern businesses in almost every sector of the economy are adopting the latest technologies for greater connectivity and efficiency. However, while many of these technologies offer myriad benefits, they can also create new cybersecurity vulnerabilities.
While much of the focus has remained on manufacturers and how they can bolster their cybersecurity efforts, another group of businesses also needs to improve their cybersecurity. Original Equipment Manufacturers (OEMs) are vulnerable to cybersecurity threats, making them easy targets.
How can OEMs improve their cybersecurity risk management? What can OEMs do to protect themselves and reduce the risks associated with an expanded cybersecurity threat landscape?
Why Should OEMs Prioritize Cybersecurity?
Cybersecurity attacks are on the rise, especially since the onset of the COVID-19 pandemic. Cybercriminals are attacking all businesses, including critical infrastructure and members of the global supply chain.
Whether it's ransomware, Distributed Denial of Service (DDoS), phishing attacks, or social engineering tactics, no business should consider itself completely immune to cyberattacks.
OEMs and other suppliers to the manufacturing industry are targets for cyberattacks. The majority of them store valuable data, maintain significant IT and OT operations, and, unfortunately, many lack the necessary resources to address major cybersecurity concerns adequately.
So, why should OEMs, in particular, prioritize cybersecurity? First and foremost, they serve manufacturing clients that are vulnerable to cybersecurity threats themselves. They must safeguard their sensitive data from outside observers, whether it's client data, client lists, or employee information.
OEMs are often targeted because they have these connections – a criminal can execute an attack on OEMs as a means to breach other targets within their client network. In other words, malicious actors may initially attack an OEM with the understanding that there will be bigger, and possibly more valuable targets further up in the supply chain.
Consider a cybersecurity attack in 2017. FedEx, lost $300 million due to a cyberattack on one of its daughter companies, TNT Express. The attackers may have targeted TNT Express knowing that it was connected to FedEx. This example perfectly illustrates how external client connections can open a company to more vulnerabilities.
How Can OEMs Improve Their Cybersecurity Resilience?
Unfortunately, the manufacturing industry is learning about cybersecurity the hard way. According to research from IBM, manufacturing faced the brunt of cybersecurity attacks in 2021 – even more than the insurance and financial sectors.
Additional research suggests manufacturing companies are subject to an estimated 27% of all cybersecurity intrusions, showing how critical this problem is in the industry.
Here are two important measures OEMs should take to improve their cybersecurity resilience.
Secure the Chain of Custody
OEMs often make equipment parts or components that can be modified by other OEMs or suppliers, which leaves them with unique cybersecurity concerns to manage.
Any products an OEM creates can come equipped with security mechanisms, but if another OEM or supplier modifies them, it may put the mechanisms at risk. An OEM has little control over what happens to the product once it is sold to another party.
OEMs must keep cybersecurity top of mind and include security measures at the earliest stages of development. Taking steps to secure products during these early stages is a proactive approach to cybersecurity and is a form of quality assurance for the OEM.
Another step OEMs can consider taking is ensuring product security can be monitored in the future and remotely updated if necessary. For example, an automotive OEM may be able to issue an over-the-air (OTA) software update for a client to bolster security.
Generally, OEMs deal with a complex supply chain with multiple players and factors to consider. One way to bring clarity to the supply chain is to form licensing agreements.
In some cases, licensing agreements can help OEMs monitor their chain of custody so each organization involved in the supply chain is held accountable for the conditions of the product as it makes its supply chain journey. Increasing supply chain visibility should be imperative for OEMs. License agreements are essential for OEMs because it protects their brand as well as the businesses for which they provide products.
Additionally, these agreements typically should include concise language regarding the specific modifications that can be made to any products sold to involved parties. Any modifications made outside of the agreement or sub-agreement could potentially put a product’s mechanisms or security measures in jeopardy.
Another way OEMs can bolster their protection and reduce the risk of facing a cybersecurity incident is to identify, manage, and secure any devices they use in their operations.
They may have employees use company devices when working onsite at a client's location. Even technology with no external connection capabilities, such as USB drives, needs to be managed.
Original equipment manufacturers can take steps like banning personal devices, implementing robust security measures, and updating devices to the latest software version.
Other steps to increase security include eliminating unnecessary or outdated data, programs, or applications on devices, and cleaning data repositories. It is also critical to implement a comprehensive cybersecurity training program for employees.
More Tips OEMs Should Consider to Reduce Their Risks of Cyberattacks
In addition to securing the chain of custody and devices, OEMs can take other measures to reduce their risk of facing a cyberattack. A recent report from The Association for Packaging and Processing Technologies (PMMI) titled “2021: Cybersecurity: Assess Your Risk” outlines information regarding cybersecurity in manufacturing.
Because manufacturers adopt robust technologies for enhanced connectivity, such as remote access and the Industrial Internet of Things (IIoT), OEMs are more vulnerable to cybersecurity risks. The rise of remote work is also expanding the attack surface for OEMs.
Below are more tips OEMs should consider when improving their cybersecurity posture.
Identify Common Attack Vectors, Vulnerabilities, and Risks
Cybercriminals are becoming increasingly sophisticated and creative in their attack strategies. Here are some common pathways used to execute attacks:
- Impersonating a target's vendor using their credentials and demanding a ransom payment.
- Infecting a supplier with dormant ransomware, which goes undetected until it reaches the desired target.
- Targeting and compromising IIoT devices that ship to a recipient, potentially infecting an entire business.
- Infiltrating and exploiting security updates issued by vendors and pushing malicious code into updates to target an OEM.
When an OEM understands potential vulnerabilities, they can employ appropriate counteractive measures.
Prepare, Prevent, and Respond
Taking proactive steps rather than reactive steps is critical for OEMs. OEMs can improve their posture by conducting a cybersecurity audit using a cybersecurity team’s resources or consulting a managed security services provider (MSSP). A cybersecurity team or MMSP can help OEMs build a stronger cybersecurity posture.
Additionally, OEMs must have a thorough cybersecurity incident response plan in place. Organizations with well-thought-out response plans typically bounce back more quickly, get operations back up and running, and endure less damage from an attack.
Consider Cyber Insurance
Another strategy OEMs can employ is investing in cybersecurity insurance solutions. However, it’s also important understand that cyber insurance is not a solution by itself. It works best when other cybersecurity measures are in place.
Insurers can also conduct audits to help OEMs address cybersecurity risks and improve their cybersecurity risk management tools. Also, it's common for manufacturers that are better prepared before an audit to receive lower premiums and deductibles, making cyber insurance more cost-effective.
OEMs have their work cut out for them when it comes to cybersecurity. Protecting all of their external connections from being compromised should be of the utmost importance.
OEMs: Implement Strong Cybersecurity Measures in 2022
A cybersecurity attack on an OEM can halt operations, lock down systems, and require a ransom to be paid, which is bad enough. However, sophisticated attacks can cause more damage, including compromised intellectual property, patent theft, or leakage of sensitive financial information.
A defenseless OEM may be a pivot point for criminals to execute more significant attacks on larger connected clients. They must consider the above information and implement strong cybersecurity risk management strategies to maintain a good posture in a high-risk cybersecurity environment.
About the Author: Emily Newton is the Editor-in-Chief of Revolutionized, an online magazine celebrating innovations in industry, science, and technology. She has over 5 years of experience covering these industries.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.