Tomnex | Dreamstime.com
Dreamstime M 41225428
Dreamstime M 41225428
Dreamstime M 41225428
Dreamstime M 41225428
Dreamstime M 41225428

Steelcase Cyber Attack Should Be a Wakeup Call

Nov. 13, 2020
Ransomware attack leads to world's largest office furniture manufacturer shuttering its operations.

In late October, another manufacturer fell victim to a serious ransomware attack.

Specifically, Grand Rapids, MI-based Steelcase suffered a Ryuk ransomware attack, forcing it to halt global operations for roughly two weeks.  As the world's largest office furniture manufacturer, Steelcase has nearly 13,000 employees, a network of 800 dealers, and $3.7 billion in revenue in 2020. According to its October 26 SEC filing, Steelcase "promptly implemented a series of containment measures to address this situation including temporarily shutting down the affected systems and related operations."

The question is: Why do these events continue to occur across manufacturing environments?

“The single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all of their cyber and physical systems. Ransomware attackers are going after higher value targets and that includes operational networks.  And remediation costs and efforts to repair the operational, financial and reputational damage caused by these attacks put a significant strain on leadership teams," says Andrea Carcano, cofounder of IT/OT security provider Nozomi Networks. 

Carcano continues, "For manufacturing, time is money, and the current pandemic has only added to the industry’s financial challenges.  The disruption of IT and operational services, as well as manufacturing downtime and shipment delays, translates to even greater revenue losses.  In this case, it appears the Ryuk attack caused a two-week shutdown of most of Steelcase’s global order management, manufacturing and distribution systems, pushing revenues into the fourth quarter." 

Growing trend?

Unfortunately, hackers are increasingly finding today's manufacturers to be an attractive target.

And, as Zscaler's recently released 2020 State of Encrypted Attacks Report shows, ransomware is not the only growing security issue facing today's manufacturers. Results also show the manufacturing industry was the most targeted industry by phishing attempts (38.6%). In addition to phishing, manufacturing was the No. 1 target (26.5%) for browser exploits which allow attackers to take advantage of vulnerabilities in operating systems and change users’ browser settings without their knowledge.

According to report authors, "The manufacturing industry is often the target of cyberattacks because (traditionally, at least) this industry was highly fragmented, with individual facilities each using different IT infrastructures and multiple disjointed systems. As in other industries, without unified controls and centralized visibility and policy enforcement, security is incomplete and cybercriminals continue to exploit these holes."

The solution? According to Carcano, as IT and OT systems converge, security teams need to take a new, holistic approach to cybersecurity.  "Businesses should deploy artificial intelligence and machine learning tools across their IT/OT networks to gain real-time visibility and identify cyber threats and resolve issues before harm is done," he says. "With the right technology and a focus on best practices, it’s possible to monitor and mitigate these risks and achieve operational resiliency. A robust cyber defense strategy is the best line of defense against a ransomware attack.”

Popular Sponsored Recommendations

SEC Cybersecurity Rules: What’s Your Regulatory Risk?

Feb. 27, 2024
Join us for an insightful exploration of the evolving cyber threat landscape, SEC rule implications, and collaborative strategies to secure critical IT and OT networks in the ...

The Customer Is Still King! Improving Service to Maximize Revenue, Reduce Costs, Boost Loyalty!

Feb. 26, 2024
Join this webinar to learn how to deliver frictionless customer service (CX) amid changes to supply chains, unpredictable buyer demand, and the adoption of automation and AI.

2022 ICS/OT Cybersecurity Year in Review

March 13, 2023
The annual Dragos ICS/OT Cybersecurity Year in Review Report is the most comprehensive source for the latest cyber threat intelligence, vulnerabilities, and lessons learned from...

S&OP Optimization: Data-driven Strategies to Achieve Sustainable Profitability

Feb. 6, 2024
Through collaborative S&OP, manufacturers can balance demand and supply effectively, optimize resources, and capitalize on emerging market opportunities. Learn how to maximize...

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!