By Abe Eshkenazi, CEO, APICS

Malware has crippled banks, railway systems and power companies, but the Associated Press (AP) reported last week that manufacturers increasingly are the victims of cyberattacks too.

Emery P. Dalesio writes about AW North Carolina, a transmission plant that makes parts for nine Toyota car and truck factories across North America. Last August, malware came into the plant through an email and spread like a virus. The criminals threatened to lock up the production line until the company paid a ransom.

AW North Carolina, like many other modern factories, uses just-in-time manufacturing. Therefore, for every hour the plant was shut down, it would have lost $270,000 in revenue. “Production lines that integrate computer-imaging, barcode scanners and measuring tolerances to a hair’s width at multiple points are more vulnerable to malevolent outsiders,” Dalesio writes.

AP interviewed John Peterson, AW North Carolina’s information technology manager. He said the hackers know production schedules are strict. “There’s only a day and a half of inventory in the entire supply chain,” Peterson said in the article. “And so if we don’t make our product in time, that means Toyota doesn’t make their product in time, which means they don’t have a car to sell on the lot that next day. It’s that tight.”

Peterson and his IT team were ready. Although the malware shut down production for about four hours and erased data on some laptops, it was blocked by a firewall that prevented the virus from exiting the plant’s network and installing the hacker’s “lock.”

In April, AW North Carolina was targeted again with different malware created by different criminals. The virus was contained before production was put on hold. Peterson said no ransom was paid in either instance.

According to NTT Security’s “Global Threat Intelligence Report 2017,” manufacturers — along with government and financial firms — are top targets for criminals, foreign espionage agents and other hackers. The report also unveils the following findings:

  • Cyberattacks increased 24 percent globally in 2017’s second quarter.
  • Sixty-seven percent of malware attacks were delivered by phishing emails.
  • The speed of attacks continues to increase exponentially once initiated.

The U.S. Department of Homeland Security adds that the number of cyberattacks affecting U.S. industrial control systems has doubled in the past two years. Experts there expect that these attacks will continue to increase as hackers develop custom ransomware to better target individual companies.

Emphasizing risk management

Are your company and your company’s supply chains prepared for the new age of cyber threats? It’s a matter of risk management, which is defined by the APICS Dictionary as, “The identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.”

As the AW North Carolina example illustrates, effective risk management requires coordinated business processes. The APICS Supply Chain Operations Reference (SCOR) model is the world’s leading supply chain framework and links business processes, performance metrics, practices and people skills into a unified structure. Throughout the structure, risk management is emphasized.

APICS is pleased to offer the SCOR-Professional (SCOR-P) endorsement, which establishes an in-depth knowledge of the SCOR model and methods. To learn more about how SCOR and SCOR-P might help you and your organization, visit apics.org/apics-for-business/products-and-services/apics-scc-frameworks/scor

This post originally appeared in APICS newsletter on August 18, 2017

Abe Eshkenazi currently serves as the chief executive officer for APICS and APICS Supply Chain Council. Prior to joining APICS, Eshkenazi was the managing director for the Operations Consulting Group of American Express Tax and Business Services.