Protecting Industry: Cybersecurity in the AI Era - Industry Today - Leader in Manufacturing & Industry News
 

March 8, 2024 Protecting Industry: Cybersecurity in the AI Era

Manufacturers and supply chain partners must also be aware of the dangers posed by the AI revolution.

By Dr. Shaun McAlmont, CEO of NINJIO

The rapid emergence of AI has sweeping implications for manufacturers, from automating processes to providing greater visibility across the supply chain with large-scale data collection and analysis. However, manufacturers and supply chain partners must also be aware of the dangers posed by the AI revolution. 

From AI-composed phishing messages to deepfakes that can manipulate employees into providing access credentials and sensitive information, AI is becoming one of the most powerful weapons in the cybercriminal arsenal. It has never been more important for manufacturers to educate employees about the risks posed by AI, which will help them identify attacks in progress, establish distributed defenses, and build resilience across the supply chain. 

AI-powered cyberattacks are on the rise

Over the past several years, the cost, frequency, and sophistication of cyberattacks have all increased dramatically. Between 2017 and 2023, the average cost of a data breach surged from $3.62 million to $4.45 million – a cost that has risen even more (to $4.73 million) in the industrial sector. As cybercriminals increasingly adopt AI, the financial, operational, and reputational costs of their attacks will continue to rise. 

Recent Microsoft research on the threat of AI-generated cyberattacks found evidence of the “attempted misuse of large language models.” Cybercriminals use LLMs to compose targeted spear phishing attacks on a scale that wasn’t possible just a couple of years ago. These attacks rely on convincing and personalized AI-generated messages to trick employees into clicking on malicious content or providing access. 

Employees must recognize that old detection methods (such as scanning messages for spelling, grammatical, or syntax errors) don’t work like they used to, as LLMs can quickly produce compelling and polished content. Employees must instead focus on other manipulation tactics: does the message have a sense of urgency? Does it include inducements or threats? Has the sender been verified through multiple channels? 

Many cybersecurity warnings are flashing red for manufacturers, and the cyberthreats they face are all the more urgent thanks to AI. This is why manufacturers must ensure that their employees are armed against ever-evolving AI-powered cyberattacks. 

AI cybersecurity awareness is critical for resilience

While supply chains have generally healed after years of relentless disruption caused by the pandemic, inflation, and geopolitical instability, resilience has become a top priority for companies in the manufacturing sector. Cybersecurity has long been a key aspect of resilience for manufacturers and their partners – even more so now that cybercriminals are using AI to launch more sophisticated cyberattacks at scale. 

According to a recent IBM report, manufacturing was the top industry targeted by cyberattacks in 2023 – a trend that has held for three years straight. Phishing is by far the main initial attack vector for manufacturers, and IBM found that AI allows cybercriminals to produce deceptive phishing messages much faster than before. 

AI enables cybercriminals to create hyper-realistic phishing messages that mimic the language of bosses, colleagues, or vendors. They can even use deepfakes to sustain the deception via a phone call and other forms of verification. Cybercriminals are also using AI to trawl social media and the dark web for data that will help them customize cyberattacks on the basis of their victims’ unique behavioral profiles. 

Employees responsible for maintaining critical infrastructure must be aware of these evolving cybercriminal tactics, which means verifying where all communications come from, auditing social media usage for potentially compromising data, and analyzing the text of all messages for coercive or manipulative language. Cybersecurity awareness in manufacturing must evolve to guard against the AI-powered cyberthreats that are here now. 

manufacturing supply chain

How manufacturers can thwart AI cyberattacks

Cyberattacks on critical infrastructure are rising, which is why the Biden administration just issued an executive order requiring maritime infrastructure organizations to report cyberthreats and increase their cybersecurity standards. Almost 70 percent of the attacks IBM identified in 2023 were against critical infrastructure organizations, and 84 percent of these attacks could have been mitigated. Cybersecurity awareness training is among the top mitigating factors across all data breaches, which is no surprise, as nearly three-quarters of all breaches involve a human element. 

As AI becomes an increasingly potent cyber weapon, manufacturers must train their workforces to identify and prevent the latest cyberthreats. This requires a keen awareness of how cybercriminals exploit employees’ psychological vulnerabilities to deceive and manipulate them. There are several major vulnerabilities to focus on: fear, obedience, greed, opportunity, sociableness, urgency, and curiosity. For example, cybercriminals may impersonate an authority figure within the company and demand the immediate transfer of sensitive data or funds (an attack that leverages fear, obedience, and urgency). 

Just as cybercriminals are launching increasingly targeted attacks with stolen data and AI-composed phishing content, manufacturers can resist these attacks with personalized cybersecurity training. Effective training must account for each employee’s unique learning style, knowledge level, and behavioral profile. This means keeping employees fully engaged with hyper-relevant training content that covers real-world cyberattacks and addresses their unique psychological strengths and weaknesses. 

Despite the increasing sophistication of AI-powered cyberattacks, the vast majority still rely on deceiving and manipulating human beings. When manufacturers empower their workforces to defend the organization from cyberattacks, they will be in a much stronger position to safely navigate the AI era. 

shaun mcalmont ninjio
Dr. Shaun McAlmont

About the Author:
Dr. McAlmont is CEO of NINJIO, and is one of the nation’s leading education and training executives. Prior to NINJIO he served as President of Career and Workforce Training at Stride, Inc., had a decade-long tenure at Lincoln Educational Services, where he was President and CEO, and also served as CEO of Neumont College of Computer Science. His workforce and ed tech experience is supported by early student development roles at Stanford and Brigham Young Universities. He is a former NCAA and international athlete, and serves on the BorgWarner and Lee Enterprises boards of directors. He earned his doctoral degree in higher education, with distinction, from the University of Pennsylvania, a master’s degree from the University of San Francisco, and his bachelor’s degree from BYU.

 

Subscribe to Industry Today

Read Our Current Issue

Made To Stay: Attracting Gen Z Into Manufacturing

Most Recent EpisodeASME: Driving STEM Education Initiatives

Listen Now

Patti Jo Rosenthal chats about her role as Manager of K-12 STEM Education Programs at ASME where she drives nationally scaled STEM education initiatives, building pathways that foster equitable access to engineering education assets and fosters curiosity vital to “thinking like an engineer.”