Cybersecurity Threats in Manufacturing and Distribution: A Conversation with Kevin Ricci and Mark Henry

Published on November 17, 2025

In today’s digital age, the manufacturing and distribution industries are increasingly reliant on technology to streamline operations and improve productivity. However, this reliance also makes them prime targets for cybercrime. Understanding cybersecurity threats is crucial for protecting your business from potential attacks. Kevin Ricci, partner and co-leader of Citrin Cooperman’s Cybersecurity Practice, and Mark Henry, partner and co-leader of Citrin Cooperman’s Manufacturing and Distribution Industry Practice, sit down to discuss the real threats and impact of cybercrime in manufacturing and distribution.

Henry: New and innovative cyberattack techniques are happening all the time. What do you see as the real concerns for the future and holes in cybersecurity compliance that the manufacturing and distribution industries typically miss?

Ricci: A little bit further down the road there's going to be quantum computing and things of that nature that are really going to blow through any type of cryptography we have in place right now. Artificial intelligence tools are really a concern here, because although AI is beneficial to businesses in many ways, it also can be used for evil purposes by these criminals. So, they're supercharging their attacks and can create a lot of new attack vectors using this technology.

Henry: What are the biggest cyber concerns facing the manufacturing and distribution industries today?

Ricci: AI-powered industrial espionage is very real in the manufacturing and distribution sectors. AI can analyze production processes, schematics, and operational data to identify valuable trade secrets, proprietary formulas, and manufacturing techniques. Attackers can reconstruct or reverse-engineer these processes using generative AI, enabling competitors or malicious actors to replicate or sabotage products.

The supply chain is the lifeline of the manufacturing and distribution industries. Cybercriminals capitalize on this and can map complex supply chain networks to identify weak points or dependencies. Attackers can inject malicious code or compromise software updates in suppliers’ systems, affecting production or distribution downstream.

AI is widely used in robotics and automated manufacturing lines. Adversarial attacks can feed malicious input to AI systems controlling robotics, causing misalignment, defective products, or dangerous conditions for workers.

Attackers also use AI-generated deepfakes (video, voice, email) to impersonate executives, engineers, or logistics managers. This can facilitate unauthorized access, financial fraud, or supply chain disruptions.

Henry: For companies that take a proactive approach to cybersecurity compliance, how is their response better or different when attacks inevitably take place?

Ricci: Great question. Being proactive is really going to reduce the risk of even becoming a victim of a data breach or cyberattack; it's also going to reduce costs. For example, if you have a disaster recovery plan in place, it's going to help you react much quicker and more rapidly in terms of your response times and get your business back up and running much quicker, less expensively.

Henry: Let's talk more about some of the hidden costs of cyberattacks. What are manufacturing and distribution companies not considering in their cost analysis?

Ricci: A lot of times companies will take the approach of, “Well, I have cyber insurance, and that's going to pick up the tab for any of the costs involved.” There are many costs that come along with any type of cyberattack or data breach, ranging from the forensic costs of bringing in attorneys and IT professionals to undo the damage, to the replacement of potentially compromised software and hardware that has been affected during the attack.

There could be fines and penalties that will come in from any regulations governing the data that may have been affected. And, of course, the reputational damage that comes along with an attack, which is very difficult to offset. That's going to erode confidence with customers and vendors, and most customers are going to be very reluctant to do business with a company that can't protect their data.

Henry: What is the major impetus for cyberattacks today?

Ricci: The impetus for cyberattacks ranges. It goes anywhere from these script kiddies, as they're known, like the Anonymous group, that usually want to take down your website because they have differing political views and have weaponized cyberattacks. Using it as a weapon of war at this point. We're seeing this in Taiwan and Ukraine and elsewhere, but predominantly it's for profit. It's very lucrative to steal information from an unsuspecting customer or client because you can sell that information on the dark web or hold it hostage and get a ransom paid for it.

According to some statistics, the number one reason (about 91%) data breaches are initiated is through social engineering attacks. In the not-too-distant past, criminals realized it's very difficult to hack their way through firewalls, intrusion detection systems, and endpoint protections. That approach was very expensive and very time-consuming. In response, they have targeted the weakest link in the chain, us, the human factor. Through social engineering, which is basically deceiving us into opening an attachment that potentially was infected or clicking on a link that takes us to an infected website or compromising our own credentials, these bad actors can hack into systems and cause catastrophic damage.

Henry: You’ve worked with really successful manufacturing and distribution companies who have had cyberattacks or successfully blocked cyberattacks. What are the top things that you've seen these companies do to help them remain responsive and agile?

Ricci: Typically, the number one reason companies can successfully combat these types of attacks is that they have buy-in from the top, and that culture runs through and imbues itself into all of the employees throughout the organization. If you don't have that buy-in from the leadership team, chances are it's not going to flow down, and people aren't going to take it seriously. They're going to put their defenses down and, unfortunately, become that next victim.

Henry: What are the most common scenarios that elicit a company to call you and the team for cybersecurity services?

Ricci: Oftentimes, we'll get the call from a company who has known some peer within the industry who's fallen victim to some type of attack, and then the light bulb goes off that “Wow, this isn't just some kind of an ethereal threat. This is something that could potentially bring our entire company down.” They don't want to be the next victim, so they'll call us in and try to assess their company, see where their gaps and vulnerabilities are, and assist with the remediation.

Citrin Cooperman’s Cybersecurity Practice helps companies assess their organizational vulnerabilities and provides actionable plans to defend against cyberattacks and data breaches. For more information on how to best safeguard your company in today’s challenging digital landscape, please contact Kevin Ricci or info@citrincooperman.com.