Why And How Do Phishers Target Manufacturing Firms?
Although manufacturing in the United States has been in decline for years, the sector still represents nearly a trillion dollars of GDP and 6% of the economy. The technological sophistication of durable manufacturing firms varies greatly depending on the goods they make. Semiconductor fabrication is such a precision process that the cost of the equipment involved dwarfs the labor input. Pharmaceutical and some chemical processes require highly complex control equipment. Smelting is a pretty basic process, although some exactness in timing and temperature is needed for delicate alloys. Food production involves the meticulous setup of robots but is highly repetitive. Depending on how connected each manufacturing firm is, it may deal with a wide variety of suppliers, channels, and partners.
Phishers target the weak points in the manufacturing sector: less sophisticated firms; firms that transfer high-value products, subassemblies, or inputs; and firms that interact with a wide variety of outside partners, with whom they may be more or less familiar. Less sophisticated firms often have less protection, older, outmoded IT infrastructure, and the less internal awareness of phishing dangers. Firms that deal with high-value inputs are attractive to phishers for the size of the prize. Complex ecosystems invite account takeover attacks from compromised partners. A combination of access and value drive phishers to target manufacturing firms’ email systems. Landing successful phishing exploits via an unsuspecting employee lets phishers invade the entire network and drop their payload, which may be a ransomware attack, a credential harvesting operation, or a means to exfiltrate valuable intellectual property — or even money.
Request a demo.