MMC CYBER HANDBOOK 2016
• Manufacturing is susceptible to cyber threats, given increasingly complex supply chains,
network-controlled production lines, and the hyper-connectivity of “Industry 4.0.” The
manufacturing sector was the leading target of infrastructure cyber attacks in the US in 2015.
• In 2014, hackers attacked the business and production network of a German steel mill to gain
access to the mill’s control systems and trigger an unscheduled shutdown of the furnace, causing
massive damage to equipment.
• Cyber risks inherited from external connections, such as supply chain and trading partners,
service providers, and other affiliates, are particularly acute in the manufacturing sector, and
must be continuously monitored, analyzed, and managed with a well-defined program.
• Point-of-sale (POS) systems have been a key entry point for many retail data breaches. Along with
recent advances in POS technology comes new malware that targets POS systems to capture
payment card data and gain access to other corporate systems.
• In recent years, hackers have acquired the credit card information of millions of retail shoppers,
which they can readily sell with point-and-click e-commerce functionality on the hacker Dark Web.
• Technologies that retailers and the payments system as a whole are implementing to protect
against cyber attacks include end-to-end encryption (E2EE), tokenization, EMV
compliance, system testing, and focused staff training on POS system security.
• Universities and other institutions of learning, with their culture of openness and information
sharing, are highly susceptible to cyber risk. Data breaches can turn into high-visibility problems,
such as identity theft, electronic stalking, compromise of health data, theft of intellectual property
(first- and third-party), and other liabilities.
• In early 2016, a well-known US university fell victim to an attack on its financial management
software that compromised the information of 80,000 current and former students, employees,
• Educational institutions are making efforts to increase risk mitigation. For example, in 2015, there
was a 37 percent increase in cyber insurance purchases in the education sector. Educational
institutions must focus on ensuring all users, including staff, academia, and students, follow
effective cybersecurity practices.
Copyright © 2016 Marsh & McLennan Companies