Analysis
Insider threats have the Hollywood treatment; think about corporate espionage in Inception or even the classic Willy Wonka and the Chocolate Factory. But insider threats are often mundane and unintentional. A recent report notes 62% of cyber insider incidents come from negligent employees making a mistake, and these types of risks are often under-addressed by companies.
A 2019 study from Verizon found that manufacturing is in the top five industries with the highest chance of insider threats, with the average cost of an incident at $8.86 million per year for a manufacturing company. And the cost is rising. The Ponemon “2020 Cost of Insider Threats: Global Report” finds that the average insider threat costs a manufacturing company $10.25 million per year. Part of the cost comes from the challenge in containment. The average insider threat incident takes 77 days to contain.
As manufacturing becomes more connected and reliant on networked communications with smart(er) factories, the risk increases. A MAPI and Deloitte study found that 48% of surveyed manufacturing executives noted operational risks, including cybersecurity, as the greatest concern for smart factory initiatives. For insider threats specifically, the number rises to 74% of respondents concerned about the risk.
With changing operations and many corporate employees working from the home office due to the COVID pandemic, threats continue to grow for manufacturers.
Phishing attacks have increased 350% since March as criminals try to take advantage of often less secure home networks and people working remotely full-time. RiskIQ, a cybersecurity company, found that keywords related to COVID-19 accounted for 300,000 suspicious sites in March alone. As people search for legitimate information, bad actors are trying to take advantage; and if the search comes from a device with access to company proprietary information or networks, your company’s risk increases. A study of over 800 business leaders found that 90% saw phishing attacks impacting their organization since the pandemic began. And 28% acknowledged that the phishing attacks were successful globally, with 13% successful in the U.S.
Many tech companies have announced either permanent or long-term shifts to total remote work as a result of the pandemic. Manufacturing, by its nature, must continue to have facilities to produce goods. However, many knowledge and customer support functions do not need to be in person. How will manufacturing adapt post-pandemic? As automation and remote diagnostic tools become the norm, companies must continue to put security first as both mistakes and nefarious insider threats rise with new points of entry from remote workers.