Why Cyber Security Practices in Manufacturing Needs an Update
In the digital age, Industry 4.0 has become a catalyst for a transformation within today’s manufacturing industry. In fact, many manufacturers are already embracing digital transformation in a variety of ways.
Due to rapid technological advancements, manufacturers must work smarter and more efficiently to remain competitive in a consumer-driven market. In addition, it is critical to implement and deploy innovative technologies – especially during a time when competitors are already designing smart factories and adopting Internet of Things (IoT) technologies.
The fast-paced business environment demands that technology play a key role as a growth enabler. It is just a matter of time before Industry 4.0 dominates the manufacturing industry. There isn’t any doubt that technology will take manufacturers into the future and offer the necessary assets to maintain their hold on targeted market share.
On the other hand, evolving technologies also come with evolving risks – which need to be addressed on a persistent basis. According to a Vectra report, the manufacturing industry is seeing much higher rates of cyberattacks within the past five years. Since many manufacturers are considered small businesses, they have often dismissed the imminent cyber threats. Some manufacturers tend to believe that the major targets are still in healthcare and financial services.
Yet, even if a manufacturing company is not specifically targeted by cyber criminals – it can get caught up in cyber “collateral damage” as malware from vendors and partners can spread without discrimination. In fact, IBM’s X-Force IRIS incident response team published a study which found that manufacturing is now the second-most targeted industry for cyber criminals.
Hackers are mapping out networks, while searching for key vulnerabilities. And, the inter-connectedness of Industry 4.0 gives cybercriminals more of a surface for exploitation. This means internal networks must be continually monitored, and for many manufacturers, this just isn’t a reality yet. As you can see, IT solutions for manufacturing are desperately needed. Keep reading to learn more.
The shocking costs of cyber attacks in the manufacturing industry
Unfortunately, manufacturing IT has not reached the prevalence needed to meet modern cyber threats. A recent report by Risk Based Security found that 2019 will be the “worst year on record” for data breaches. It has already skyrocketed over 54 percent compared to the same time last year. During the first half of the year, around eight data breaches were reported – and, over 3.2 billion records were left exposed.
Furthermore, an ISACA and the Digital Manufacturing and Design Innovation Institute (DMDII) survey discovered that many manufacturers face security concerns related to both IoT devices and finding sufficient cybersecurity staff. Kevin McDunn, Chief Product Officer of DMDII is quoted as stating, “Three-quarters of U.S. manufacturing firms have fewer than 20 employees and 98 percent have fewer than 500. To shore up the resiliency of the U.S. supply chain, reaching small manufacturers is essential, and understanding their needs and capabilities is a crucial initial step.”
The survey also revealed that 81 percent of manufacturers are somewhat-to-very concerned about potential cybersecurity risks with smart technologies and internal networks. In terms of IT solutions for manufacturing, the choice is clear: Cybersecurity needs to be a top priority.
To illustrate further, the 2017 NotPetya wiper malware attack fully disrupted Merck’s Q2 global operations, including manufacturing. This attack also affected thousands of victims, across 65 countries. Merck then put its losses at an astronomical $670 million.
You see, cybercriminals view manufacturing companies as low-hanging fruit for many of the reasons discussed above – lack of sufficient cybersecurity personnel, insufficient staff training, and the latest exposures arising from IoT-integrated devices. Here is another example: In 2016, around 400 manufacturers were attacked everyday with a combined $3 billion reported in losses.
The rewards of technological leaps in the development, design, and operation of manufactured products are many. Nonetheless, the cyber security threats are also growing along with it. Moving forward, manufacturers can no longer afford to ignore this pervasive issue.
Of course, the implementation of cybersecurity strategies can be more challenging for manufacturers who depend on operational technologies and OT vendors. Plus, SCADA systems and industrial controls vary greatly in standards.
Additionally, it is difficult for manufacturers to determine their most vulnerable attack surfaces as they can have plants distributed both nationally and globally. Then, there are the legacy systems to contend with. Moreover, the potential for operational disruption when updating outdated software and hardware can appear intimidating.
Manufacturing can consist of a complex process of networks with remote vendors. So, manufacturing IT needs to be both comprehensive and forged with a cyber secure perspective.
The emerging IoT technologies in manufacturing offers better control over systems and data. This makes for improved insights, the opportunity for customers to accurately track their orders, and more. The advantages of smart technologies, and smart factories, are undeniable. In contrast, the always-online mode of these systems means entire factory outputs can be disrupted with just one successful cyber attack.
Since many smart factories are connected to the public Internet, the threat is even more palpable. And, many manufacturers still use legacy IT systems such as Windows XP which no longer produces updated security patches. With greater connectivity at play, manufacturers must start working with trusted advisors to implement multiple layers of security and combine that with customized IT solutions for manufacturing that addresses the multi-faceted threats.
What can manufacturers do?
Cybersecurity should not be treated as a finite problem. As technologies advance, so will the sophistication of harmful data breaches. As a result, cybersecurity strategies must be ongoing.
Here’s what the Harvard Business Review had to say about the typical view of cybersecurity, “They may assume that complying with a security framework like NIST or FISMA is sufficient security — just check all the boxes and you can keep pesky attackers at bay. They may also fail to consider the counterfactual thinking — We didn’t have a breach this year, so we don’t need to ramp up investment — when in reality they probably either got lucky this year or are unaware that a bad actor is lurking in their system, waiting to strike.”
The best course of action, to protect your company against cyber threats, is to work with manufacturing cybersecurity experts. Also, study the National Institute of Standards and Technology (NIST) cybersecurity framework that includes best practices and guidelines. The major steps are listed below:
If production ever goes down, even for a few hours, it can result in the potential for millions in lost revenue. Combine this with the risk to a manufacturer’s reputation in the event of a successful cyberattack – and you have a double whammy. In order to thrive in the digital era, manufacturers must embrace smart technologies. Still, they must also focus on working with an experienced partner who can offer relevant IT solutions for manufacturing and a multi-layered approach to cybersecurity threats.