Accelerate manufacturing innovation with secure access controls
Manufacturing is going through a technological resurgence that is transforming the modern factory. Today we are seeing data-driven factories, with an unstoppable integration of connected systems and devices. Gartner predicts that 25 billion Internet-connected things will be in operation by 2020 with close to $2 trillion of economic benefit globally, and the advantages of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems being integrated into the IoT is proving its potential in improving efficiencies, innovation and profitability.
However, at the same time this increased connectivity is also opening up entry routes for cyber criminals, leaving manufacturers open and vulnerable to a multitude of exploits and unauthorised access attempts. This is yet further complicated by the increasingly complex network of third parties across the supply chain that are employed to manage many aspects of their operations, with some having several hundreds of external parties accessing their systems in a typical week, according to Bomgar’s 2017 Secure Access Threat Report. In addition, more than half of the respondents of the report said they had sole responsibility for managing third party access into their infrastructure, and one in five admit to offering three or more access routes to their vendors, making an already big job even more challenging.
IBM’s 2016 security intelligence survey revealed that manufacturing is now one of the most frequently attacked industries, second only to healthcare. In addition to the increased risk of attack via third parties, Bomgar’s report also revealed that insiders, such as employees or contractors, also pose a significant threat to security. The survey found that 67 percent of IT professionals believe an insider data breach is the primary security threat for them, and a further 73 percent were also concerned that they could lose sensitive company information within the next 12 months.
The race to connect devices and transform processes and procedures offers many competitive advantages to manufacturing organisations, however the security stance should not be compromised and must therefore be incorporated in projects from the outset. The detrimental impact a breach could have on the public as well as an organisations’ reputation, far outweighs the benefits that can be achieved.
It only takes one employee or one third party to leave an organisation vulnerable, and with the continuation of high-profile data breaches, many of which are caused by compromised privileged access and credentials, it’s crucial that organisations control, manage, and monitor all access to their environments to mitigate this risk.
Adding to this pressure, all manufacturers are under immense pressure to have effective security and breach response capabilities in place ahead of the 2018 EU General Data Protection Regulation (GDPR) deadline. The EU GDPR brings consistency to the current data protection laws across EU member states and provides guidance on how any EU citizen data should be stored as well as how companies must respond in the event of a data breach. In the short term it is key to minimise some of the more common security weak points such as password sharing and poor employee on and off-boarding strategies to support ongoing GDPR initiatives.
Security must therefore be built into the ethos of any organisation and its projects, where workforce training, regular security assessments and specific policies and procedures are included and understood by the whole organisation.
With the variety of hacking strategies combined with the integration of modern solutions such as the IoT and complex interconnected networks of suppliers, it is paramount that controls are put in place to manage and audit all access to both complex systems such as server based environments, but also to less complex devices such as routers and switches, including all insider and third-party access.
There are a few core steps the industry can take to securely manage access:
- First, verify that employees and third-party vendors are who they say they are when requesting access to the network. Once confirmed, centrally manage all privileged accounts using an enterprise password vault so that passwords do not need to be in the public domain, written down, shared or stored in multiple places and systems.
- Next, implement an access solution where credential injection functionality is available so that passwords cannot be accessed or seen by the user but ensure they can still gain secure, instant access to the systems they need. Using a privileged access or privileged session tool also enables organisations to granularly control where users can go, what they can access and when.
- Finally, ensure that all access is audited and recorded. If a breach does occur, it will support the traceability to an entry-point and provide a record as to what may have been compromised. With GDPR regulations requiring organisations to quickly notify the relevant regulator if they have been impacted by a data breach, solutions that support these features will be a must have.
Manufacturers need to encourage the integration of multiple best-in-breed tools together with privileged session and privileged access management solutions as part of a robust security eco-system. These include detection tools, SIEM solutions, network segmentation and employee awareness initiatives to ensure they protect themselves from attacks through their connected devices whilst maximising the benefits available.
By implementing secure remote access, architecture and controls, manufacturers can prevent breaches and protect their corporate and reputational damage, ensuring innovation can prosper and regulations met.
IMF: Variants Can Still Hurt Manufacturing Recovery
After a year of on-and-off manufacturing in the US, UK, and the eurozone, demand for goods surged early last week. Factories set growth records in April and May, suppliers started to recover, and US crude hit its highest price point since pre-COVID. As vaccination efforts immunise much of the US and UK populations, manufacturers are now able to fully ramp up their supply chains. In fact, GDP growth could approach double-digits by 2022.
Now, the ISM productivity measure has surpassed the 50-point mark that separates industry expansion from contraction. Since U.S. president Biden passed his US$1.9tn stimulus package and the UK purchasing managers index (PMI) increased to 65.6, both sides of the Atlantic are facing a much-welcomed manufacturing recovery.
Lingering Concerns Over COVID
Even as Spain, France, Italy, and Germany race to catch up, and mining companies pushed the FTSE 100 index of list shares to a monthly high of 7,129, some say that UK and US markets still suffer from a lack of confidence in raw material supplies. Yes, the Dow Jones has made up its 19,173-point crash of March 2020, and MSCI’s global stock index is at an all-time high.
Yet manufacturers around the world realise that these wins will be short-lived until pandemic supply chain bottlenecks are solved. If we keep the status quo, consumers will pay the price. In April, inflation in Germany reached 2.4%, and across the EU’s 19 member countries, overall prices have increased at an unusual pace. Some ask: Is this true recovery?
IMF: Current Boom Could Falter
Even as Elon Musk tweeted about chip shortages forcing Tesla to raise its prices, UK mining demand skyrocketed; housing markets lifted; and the pound sterling gained value. The International Monetary Fund (IMF), however, cautioned that manufacturing recovery won’t last long if COVID mutates into forms our vaccinations can’t touch. Kristalina Georgieva, Washington’s IMF director, noted that fewer than 1% of African citizens have been vaccinated: “Worldwide access to vaccines offers the best hope for stopping the coronavirus pandemic, saving lives, and securing a broad-based economic recovery”.
Across the globe, manufacturing companies are keeping a watchful eye on new developments in the spread of COVID. Though US FDA officials don’t think we’ll have to “start at square one” with new vaccines, the March 2021 World Economic Outlook states that “high uncertainty” surrounds the projected 6% global growth. Continued manufacturing success will in large part depend on “the path of the pandemic, the effectiveness of policy support, and the evolution of financial conditions”.
Mathias Cormann, secretary-general of the Organisation for Economic Co-Operation and Development (OECD) concurred—without global immunisation, the estimated economic boom expected by 2025 could go kaput. “We need to...pursue an all-out effort to reach the entire world population”, Australia’s finance minister added. US$50bn to end COVID across the world, they imply, is a small investment to restart our economies.