Manufacturing and critical infrastructure are under pressure to leverage the best of Industry 4.0 (4IR) while maintaining a strong cybersecurity posture. Companies like Americold operate on tight schedules with a low tolerance for downtime or operational variance. Americold designs, builds, and operates temperature-controlled warehouses that operate intelligently within cold chain networks. The company has recently announced new collaborations with a transnational rail network (Canada-U.S.-Mexico) and a Dubai-based logistics company. All of these companies have other strategic collaborations of their own.
The global food supply chain is a network of networks with a sprawling attack landscape of human and digital systems that are expected to respond quickly to natural disasters, socio-economic conditions, and criminal attacks. Cutting edge Operational Technology [$ and other 4IR solutions help meet these conditions, but many of these new devices and applications are networked with unsupported legacy technology and other unmanaged devices. The ongoing IT and OT convergence also increases the company’s exposure to attack.
It isn’t just the digital acceleration and race to 4IR that creates risk. Email remains a top threat vector across all sectors, including manufacturing, production, and critical infrastructure. In a recent study, 53% of respondents in manufacturing and production reported downtime and business disruption due to an email attack. 46% of respondents also said they were victims of spear phishing attacks, resulting in the following damages:
Although data and financial losses appear to be lower in this sector than in others, a disruption to manufacturing and industrial operations can trigger a bottleneck in a critical supply chain. The 2021 ransomware attack on Colonial Pipeline resulted in a six-day shutdown that affected 45% of the fuel supply in the eastern seaboard region of the United States. The Colonial Pipeline Company paid over $4 million ransom to the attackers, but not in time to prevent gas price hikes and a federal declaration of emergency for the region. The attackers also took data from Colonial Pipeline Co. on the day before the attack.
Americold suffered a cyberattack in 2020 that disrupted communications, inventory management, and order fulfillment. Another attack in April 2023 caused system downtime and chaos throughout the downstream supply chain. Americold recently confirmed a data breach also occurred during the attack.
Americold isn’t the only industrial company that has suffered repeated attacks. Barracuda research has found that 46% of ransomware victims in the manufacturing and production sector were attacked at least twice. One study found manufacturing is hit four times more with business email compromise (BEC) attacks than other sectors. Nissan and Yamaha Motor are recovering from cyberattacks, and Toyota experienced yet another breach earlier this year.
Barracuda provides comprehensive security for manufacturing and industrial companies. For more information on how we defend all threat vectors, even as they evolve, visit www.barracuda.com.
By Christine Barry
This article originally appeared on Journey Notes, the Barracuda blog.
Back