Analysis and Commentary


Manufacturers’ appreciation of cyber-security “patchy”: NTT

Globally, the manufacturing, healthcare and finance sectors saw increases of 200 per cent, 300 per cent and 53 per cent respectively last year in all known cyber-attacks.

Within Australia, manufacturing businesses accounted for 13 per cent of all known attacks, behind the global average of 22 per cent.

These are findings from global technology services company NTT Ltd, made public last week in its 2021 Global Threat Intelligence Report (GTIR). Its assessment of cyber security maturity levels gave Australian manufacturers a score of 0.76 (down from 1.4 in 2019), below the APAC average of 1.98 and the global average of 1.21 for the sector. (NTT’s scale defines a score between 0 and 0.99 as “non-existent.”)

@AuManufacturing spoke to John Karabin, Senior Director of Cybersecurity at NTT Australia, about the results and their context.

@AuManufacturing: Obviously we’d like to know more about the decrease in cybersecurity preparedness your report found for Australian manufacturers. What’s behind the drop since 2019?

John Karabin: It’s such a small industry in Australia, so it’s a little bit subject to the whims of particular companies, but I would definitely say that the focus perhaps hasn’t been there in manufacturing.

It’s patchy is the answer. Some are taking it very seriously and for others it’s just really a second thought. And so I think that lowering of the maturity is a reflection of the average drop. It’s not a reflection of some of the examples of the companies here. But definitely manufacturing around the world has really woken up to the fact that they’re a target. I think if the industry was bigger in Australia it would have been a much bigger target here as well. But elsewhere, we’ve seen very considerable focus on them, both from probably sophisticated criminal groups, but also nation state organisations. And that’s the real trend this year.

@AuManufacturing: There were some high-profile ransomware attacks mid-last year at Bluescope and Lion. Was that a trend that’s continued?

John Karabin: Yes, an absolute trend. Ransomware has just gone up and up in terms of its impact and actually getting a foothold and then wreaking damage in an organisation, and that trend doesn’t seem to have abated at all. But we have seen other trends in malware. So it’s not the only nasty thing out there. But ransomware gets very high visibility because of the significant impact with companies, and not just in manufacturing. And I would say we are involved on a weekly basis with retail, manufacturing and other industries in terms of recovering from the severe impact of ransomware in particular. So I think it gets probably more visibility than some of the other things. And the risk is sometimes that that distracts you from the other problems that companies like those ones you mentioned are suffering, which are things like email fraud. Business email compromise is still a significant issue, and it’s almost competing with ransomware. The reason ransomware has become so big is it’s become highly industrialised. There’s almost a supply chain of several criminal organisations that put components together. They don’t do the whole thing. They sort of rent their malware code to other groups to sort of then tailor-make it for a particular industry. And I think probably one of the big highlights, if you like — in inverted commas — for the year that’s gone by is that malware and ransomware are very much being tailored for a country, for a sector, for a company, and even for a sector of that company. So we’re not seeing these general sort of sprays of very general ransomware that may or may not be successful. The ransomware that we’re seeing and reading about has been stealthily put in. The criminals are doing the reconnaissance, they’re understanding how and who does what in the organisation. And then they’re clicking the trigger and detonating that ransomware.
And once they’ve done all the damage, once they’ve put the backdoors in, quite frequently now with those companies, they’re also exfiltrating. So pulling the data out before they ransomware in so that they can have another go. And there’s a few examples of that in the press at the moment with companies that have criminals that have threatened that they’ve taken out large amounts of data and that they use that as even more leverage to force a ransom to be paid.

@AuManufacturing: Is there any information about who is targeting Australian manufacturers? State actors from a specific country? Organised crime? Others?

John Karabin: We don’t go into declaring who it is, simply because it’s a very, very convoluted path we see. So the answer is all of the above. The attribution of exactly who it is can be very difficult. However, we’re definitely seeing nation state actors. There’s no two ways about it. There are several large nations that are actively involved in looking at manufacturing and we know this because of the intent. So that sometimes gives it away. Ransomware is generally a quick financial hit or gain, if you like. And so that’s usually in the criminal community. Obviously, they want to make money out of what they do. The nation states are trying to gain IP, understand where a manufacturing process is at, to get some sort of advantage. So we see that in manufacturing. Japan, for example, sees its car manufacturing sector heavily targeted, clearly for IP theft and capability. In Australia, we’ve definitely seen it in the medical sector. The big factor last year was Covid, still is this year, of course. And not just the impact at the domestic individual level and the shift to working from home, but every business in this country had to alter its workforce and how that worked. And sectors in Australia, such as the health sector, were heavily targeted. And some of that was clearly to make money. So we see cases of hospitals more recently in the press with ransomware. But we also certainly know that Australia’s quite a leader in health industries. And so early last year and certainly last year, we definitely saw an increase in surveillance attacks, probes using known vulnerabilities, botnets used to sort of peer in and get a foothold into all of those sectors. And you can speculate that that’s not just criminals, it’s certain nation state actors.

@AuManufacturing: What is the appreciation of cybersecurity issues in Australia? Do governments get it, generally speaking, in your opinion?

John Karabin: I’m happy to say I do think they get it. I think they have been putting more and more resources into this problem. They can always put in more, of course, every country in the world can always put more into this issue.
I tend to always go to the Australian Cyber Security Centre’s core website, which has become extremely useful. We encourage a lot of our clients to keep in touch with that. They’re now putting out briefings pretty well daily. Some of them are classified, some of them are open briefings on vulnerabilities and attacks. I did a session with a very large company with the workforce to teach them cyber security 101 for your home environment, for your children and family. And there’s a section on that website that actually is there for the individuals, what to do, what happens when the scammers call you. 

By and large, the government has done okay. There’s a lot more that they need to do, there’s more coordination between industry and government that needs to be built up. So the job is not finished. But they’re not ignoring it and have been steadily improving their posture. But it’s such a big issue. I think the government alone is not the only one that can or should be involved with upping the maturity and the resilience of our society. Big business has to step up considerably. And I would give you the same answer about big companies. For example, in Australia, there’s some very good organisations that have really taken cyber security very seriously and right up to the board level. And there’s some that are still way behind where they should be. 

And, you know, they are paying a price these days, almost. You’re almost guaranteed to have a cybersecurity incident if you have not made sure that you’ve ticked all the boxes, crossed and dotted all the I’s and T’s around your best-practice approach.

(This interview has been lightly edited for clarity.)

Picture: Getty Images
