In the wake of the pandemic and its elevating issue of the need for resilient supply chains, countries in the Middle East have been shifting trade and industrial policy to prioritize domestic production.

Modernizing local supply chains and factories, integrating 4IR solutions and applications across the manufacturing sector, and increasing productivity are witnessing a resurgence in support and conversation.

The manufacturing sector is an essential element of the regional economy, contributing 24% of GDP to Saudi Arabia and 16% to the UAE. The sector, encompassing diverse industries such as petrochemicals, energy, processed foods, metals, and EV manufacturing, has undergone rapid digital transformation.

However, the larger conversation about the benefits to the economy, and more importantly, the positive downstream effects on the communities, is drowned out amid the sector’s exposure to cyber threats.

Nearly 25% of cyberattacks across all industries target manufacturing.

DIGITALLY CONNECTED SYSTEMS

“Manufacturing is among the region’s most targeted sectors for cyberattacks, and according to some data and studies, it is the second most targeted industry in the Middle East,” says Pieter Bil, Senior Vice President and Managing Director Middle-East and Africa at Kyndryl.

“This is primarily due to the rapid adoption of Industry 4.0 technologies such as IoT and automation. These technologies increase connectivity and data transparency within manufacturing operations, expanding the attack surface for cyber threats.” 

Since manufacturing is intertwined with other sectors, such as logistics, energy, and IT, vulnerabilities in digitally connected systems and disruption to the manufacturing process can cascade throughout many other sectors around the region and the world.

“Incidents like the Suez Canal blockage in 2021, while not a cyber-related issue per se, have highlighted the widespread impact that supply chain disruptions can have by creating a ripple effect across sectors. This has incentivized cyber attackers to attempt to obstruct supply chains to target organizations and entire industries through a domino effect,” says Ahmad Ali, Solution Architect – OT & IoT at Help AG. 

“A minor disruption can have a cascading effect, such as delaying production and delivery, making the industry a prime target for cybercriminals,” adds Ali.

Successful malware attacks on manufacturing can harm businesses through direct money loss, sensitive data theft, and physical disruption. “All of these scenarios ultimately cause reputation damage, a serious risk of cyber threats that often takes much longer to remediate than cash or hardware losses,” says Maher Yamout, Lead Security Researcher in the Global Research and Analysis Team at Kaspersky.

LOW LEVEL OF CYBER MATURITY

According to experts, manufacturing organizations are an attractive target for ransomware due to their low tolerance for downtime and comparatively lower level of cyber maturity compared to other sectors.

The rise of cloud computing, the push toward rapid digitalization, and Industry 4.0 have expanded organizations’ attack surfaces and heightened cybersecurity challenges for industrial organizations. Most importantly, different organizations don’t put the same emphasis on investing in cybersecurity.

“Just because the industry is becoming increasingly digitalized does not necessarily mean that engineers, for example, have received adequate training on relevant IT systems,” says Yamout. 

Additionally, Ali says, “Many manufacturers don’t prioritize cybersecurity until it becomes an issue, and by then, it may be too late—forcing them to learn the hard way about the importance of robust cybersecurity measures.”

According to experts, some manufacturing organizations have yet to recognize the critical risk of cyber threats. 

“The lower level of cyber maturity observed in some manufacturing companies is often due to the prevalence of legacy systems,” says Ali.

Organizations still operate technology that may be outdated from a cyber perspective as long as they still support the functional requirements, which makes these environments inherently more vulnerable to cyber-attacks. 

Additionally, Ali says that in some manufacturing organizations, Operational Technology (OT) teams—directly involved in managing the manufacturing process—tend to have less awareness and training on the different types of cyberattacks they may face compared to CISOs and IT teams.

“The desire to integrate operational technology (OT) with IT systems increases OT vulnerability and provides a higher attack surface for cybercriminals,” Yamout says, adding that Kaspersky’s ICS CERT team was created in direct response to this vulnerability gap as it noticed that many industrial organizations were ill-prepared to protect themselves against emerging cyber threats. 

Apart from historically focusing more on OT rather than information technology (IT) and the integration of legacy systems with newer digital technologies creating complexities that can be exploited by cyber threats, Bil says, “regulatory compliance and cybersecurity frameworks are relatively newer to manufacturing compared to sectors like finance or healthcare, leading to slower adoption of robust cybersecurity practices.

BUILDING CYBER RESILIENCE CULTURE

Manufacturing companies often fall behind in investing in cyber resilience due to their long production cycles and the significant investments required to redesign manufacturing lines. With the costs of attacks on this sector increasing by 125% each year, cyber risk is now considered the third biggest external risk to manufacturers.

“Organizations tend to prioritize the value of their production facilities over cybersecurity concerns. The focus on production efficiency and a lack of awareness combined with outdated systems causes some organizations to fall behind in cyber maturity,” says Ali.

Regardless of these complexities, the manufacturing sector must deal with cyber challenges by building a cyber-resilient culture. 

That requires regular awareness training and sustained investment in people, technology, and internal process improvement,” says Ali. This must begin with a comprehensive understanding at the boardroom level of the risks and potential impacts of cyber threats on operations. 

Subsequently, this understanding should guide the allocation of appropriate budgets, the upskilling of staff, and the establishment of an organization-wide emphasis on cybersecurity.

“It is vital that companies prioritize shifting from conventional cybersecurity to cyber immunity. Such a shift ensures that IT systems have an innate protection against cyberattacks and products are protected at an architectural level,” says Yamout.

As the industry witnesses high APT and cybercriminal attacks, Yamout adds that security teams must stay informed and equipped with cyber-immune products and the necessary threat intelligence.

According to Bil, by fostering collaboration across IT teams, operational staff, and management, organizations can address cybersecurity concerns holistically, promoting a unified approach to protection. 

As digitalization progresses, experts suggest that organizations in the manufacturing sector prioritize the development of a strong cyber resilience culture. This will enable the industry to navigate the increasing cyber threat landscape more effectively.

“By prioritizing cybersecurity as a collective responsibility and ingraining it into everyday practices, manufacturing organizations can fortify their defense against evolving cyber threats in the digital age,” adds Bil.