Cybersecurity and compliance challenges are nothing new for the manufacturing industry, but with connected, smart factories becoming the norm, the resulting reliance on technology to drive operations has made the sector a much more lucrative target for cybercriminals in recent years.
In fact, according to the 2020 Data Breach Investigations Report by Verizon, the manufacturing sector reported 922 security incidents, with 381 of those having confirmed data disclosure. While these statistics should be cause for pause, they are even more alarming when you compare it to data from the 2019 Data Breach Investigations Report by Verizon which reported just 352 incidents with 87 having confirmed data disclosure; increases of 161 per cent and 337 per cent respectively.
The Internet of Things (IoT) promises great productivity and efficiency gains for manufacturers, but it also increases the risk and vulnerability of data and mission-critical operations if the right defenses are not in place. As more and more processes become automated or underpinned by connected devices, the potential for cyber-risks to infiltrate the network is a very real issue for every manufacturer today.
The changing nature of risk
It’s not just businesses that are reaping the benefits of the smart factory. Cybercriminals are finding ever more sophisticated and manipulative ways of infiltrating company networks, to achieve financial gain or disrupt operations.
According to research from F-Secure, cyberattacks on IoT devices surged last year, increasing by a staggering 300 per cent. Given that every new connected device or tech-based process brings an additional point of vulnerability within a network, for cybercriminals to potentially gain access and disrupt production lines, leak confidential data, or worse, manufacturers need to ensure proper safeguarding processes are in place.
The impact of any breach or downtime—whether it’s a process on the factory floor or a back-office system—can have significant financial and reputational consequences. One such example is Colorado-based manufacturer Visser Precision, which makes parts for companies including Tesla, Boeing, SpaceX, and Lockheed Martin. It publicly suffered a data breach in early 2020, at the hands of a DoppelPaymer ransomware attack, which led to confidential files and customer details being stolen and available for download.
With manufacturers increasingly moving away from on-premise solutions and towards leveraging the computing power of the cloud, the issue of data security should be approached differently to what has traditionally been the case. Cloud platforms that are best-in-class will help reduce breach risks, but organizations must be wise not to take it for granted. Breaches could well happen where companies are running their own clouds without the proper controls. Phishing scams also become prominent is cybercriminals can use them to take advantage of email servers that have been deployed on the same networks as business application servers.
With intellectual property, as well as confidential company and customer data, travelling across a network and being stored in the cloud, manufacturers must ensure they keep cloud solutions safeguarded from email systems, so that cloud adoption doesn’t come at the expense of data security or human error.
As well as the risk of unplanned downtime and reputational damage due to a data breach or halt to operations, innovation in manufacturing is also grappling with stricter compliance measures when it comes to personal data security. The introduction of GDPR has seen huge fines being issued to those companies suffering a breach, with similar regulations coming into force more recently around the globe to tighten up data misuse.
The people problem
In addition to the vulnerabilities associated with smart factory technology and the interconnected nature of manufacturing today, actions of individuals themselves can also be a huge area of risk. Despite phishing attacks and other social engineering methods having been around for a long time, they are still causing a big problem in the industry and continue to threaten the security of mission-critical data and systems.
As a case in point, based on findings from the Verizon report I cited earlier, crimeware, web applications and privilege misuse represent 64 per cent of all breaches in the manufacturing sector.
Adopting innovation with confidence
With so many potential points of vulnerability and much more accountability placed on businesses to keep information secure, it is clear that any innovation adoption needs to have flexibility built in and be ‘secure by design’.
Security of the smart factory shouldn’t be an afterthought or add-on. It is an integral element of the overall transformation. Not only is security a critical risk and cost mitigation measure, but every player in a firm’s value chain—from suppliers to customers—care about security and would potentially be impacted by a breach. Therefore, security should also be considered a strategic value-driver that improves organizational competitiveness and market share. Careful planning and an agile approach to tech adoption will play a key role in enabling manufacturers to lead through innovation, remain compliant with data management regulations, and minimize risks as much as possible moving forward.
As manufacturers remain a popular target for cybercriminals, risks must be reduced through better education of employees and users. Ongoing training and practical guidance will be key to reducing the role played by ‘insider threats’ to business operations. Regular education programs for staff, such as employee security awareness training, is an important and effective security measures to take.
When it comes to cloud-based technology and services, these can help businesses remain agile and evolve processes quickly, to respond to changing regulatory compliance. However, as with any tech adoption, guidance and expertise can help ease these changes. It is critical to find a trusted partner that can explain a business’s security risks in clear terms and offer potential solutions that will help it achieve its goals. Furthermore, due diligence and resilience assessment will be key, to avoid any single point of failure or potential vulnerability in the connected factory.
Indeed, performing regular risk assessments will help manufacturers understand where potential risks lie within the network environment, to mitigate the potential threats posed by existing or new technology. Alongside this, standardized risk policies will help ensure that any new technology adoption goes through stringent measures before becoming part of a smart factory set-up.
Technology adoption should be rewarding, not risky. Putting the right processes and safeguards in place now will not only protect your people and data, but also help futureproof business growth and success.
About the author
Kerrie Jordan is a director of cloud product management at Epicor Software