Jun 10, 2021

Cyber threats and how manufacturers can mitigate the risks

Cybersecurity
riskmanagement
PwC
Cisco
Manufacturing Global looks at the types of threats faced by manufacturers and the ways in which they can protect themselves from attacks

Unlike prior industrial revolutions, Industry 4.0 is not about replacing existing assets and technologies with new ones, but about mastering the challenges and opportunities posed by disruptive technologies like AI, machine learning, and big data, which are blurring the lines between the physical and digital world. 

While the increase in technological adoption is driving smarter manufacturing operations that are more agile, flexible and productive, it isn’t without challenges. As more and more operations become digital and converge to the cloud the need for effective cybersecurity measures only increases in its importance. 

Cyber threats in the manufacturing industry

“Cyber threats faced by manufacturers come in all shapes and sizes, including phishing, IP theft, ransomware, IoT attacks and supply chain attacks,” begins Mo Cashman, Principle Engineer at McAfee.

“Manufacturers are vulnerable to cyberattacks wherever digital is present,” adds Bobby Bono, Partner and Industrial Manufacturing Practice Leader at PwC, “manufacturing is not a siloed industry—supply chains span numerous countries and industries. A company is only as secure as those it works alongside. Companies must determine what their stakeholders are doing to protect not only their information but also any shared information,” he continues. 

With the number of connected systems and devices multiplying over the last year because of remote working and the increased desire for digital sales and marketing by consumers. “Attacks relating to COVID-19 continue to impact the sector. Research from McAfee found 9,435,863 malicious detections related to the pandemic since April last year, with 2 per cent of these attacks targeting the manufacturing industry. Trojans have been the main tactic used across all sectors, followed by viruses and potentially unwanted programmes,” says Cashman.
  
“Another thing to keep in mind is that the manufacturing sector—like all sectors of the economy—is coping with massive workforce changes,” adds Steve Gansen, Sales Business Development Manager for Manufacturing Industry, Cisco

“Baby boomers are retiring in large numbers, and that’s driving the adoption of technology solutions, including analytics, remote expert and other network-driven solutions, so they can do more with less without losing their competitive advantage.  But these solutions come with their own risks; they create a wide and vulnerable threat landscape, that is compounded by the historically ageing infrastructure within outdated plants. Manufacturers must adapt to avoid cyber threats.”

The evolution of cyber threats in manufacturing
  • “Cyber threats in the manufacturing industry have dramatically evolved over the last decade as the intelligence and creativity of cyber attackers has grown. Most significantly, we see attackers repurposing threats like ransomware and entering through workplace systems to attack industrial systems,” - Mo Cashman, Principle Engineer at McAfee.
  • “Cyber attacks are more sophisticated than ever. For companies that have transitioned the largest parts of their business to the cloud, a breach could undermine the entire foundation of a company and its workforce,” - Bobby Bono, Partner and Industrial Manufacturing Practice Leader at PwC.
  • “To say cyber threats have grown more complex over the last five to ten years is a serious understatement. Back then, it was a lot easier to spot a suspicious email or an illegitimate link to a website. Today, the attacks are increasingly sophisticated. We are only a click away from a big mistake,” - Steve Gansen, Sales Business Development Manager for Manufacturing Industry, Cisco.

“Five to 10 years ago, many thought that enterprise-grade firewalls were enough to secure an IT network. But this thinking has significantly evolved. Firewalls alone can't provide the protection that digital-first, smart factories and connected manufacturers need,” says Raj Krishna, VP of Strategy & Planning, Cisco Meraki.

As the industry becomes increasingly data-driven and reliant on technology, security professionals across the manufacturing industry will face significant challenges when defending their organisations from threats across connected machines and connected networks. “Migrating to the cloud and embracing a smart factory mindset has highlighted pressing cybersecurity issues, which is an evolving area and must consistently be at the forefront,” adds Bono. 

“Whether it is an enhanced digital-customer experience or the option to work remotely, the increasing presence of digital has altered almost every aspect of our personal and professional lives. We have grown accustomed to the newfound ease and flexibility that comes with digital enhancements but need to keep in mind the risks associated with it as well,” continues Bono.

“Much of the industry continues to practice ‘just-in-time’ manufacturing which allows little room for error, further emphasising the need for cyber-protected digital assets. The recent Suez Canal blockage halted global trade, and companies faced the financial impact of catching up to demand. A cyber attack against the entire company would be much more costly.”

So what can manufacturers do to protect themselves from cyber threats?

“Cybersecurity is not a one-and-done occurrence,” says Bono. “Once initial measures are put in place, it is time to shift focus to building the foundation for cybersecurity excellence. As technology advances so do potential cyberattacks, and your employees are the first line of defense in protecting your business, emphasising the need to make sure they are trained and prepared,” he added. 

"While 70% of CISOs and CIOs say they increased security training as a result of COVID-19, only 30% of employees say their employer has offered training on the dos and don’ts of protecting company and personal digital assets, data, and information" - Bobby Bono, Partner and Industrial Manufacturing Practice Leader at PwC.

Agreeing with Bono that there is no ‘one-size-fits all’ approach to cybersecurity, Gansen says that “First, manufacturers need to invest in modern security tools that do deep-packet inspections to identify vulnerabilities. If they use firewalls as their primary strategy, then they’re in trouble. Secondly, they need to embrace the fact that security isn’t just a concern for executives or managers. It’s something every employee needs to be trained on so that they’re making the right choices,” he also comments that “they need to work with experts to find solutions that work for their unique situations and give them full visibility into the network and everything on it. If it doesn’t look right, it probably isn’t. Having that visibility will let managers act on it.”

Adding to Gansen’s comments, Bono says "After spending 2020 playing defense against cyberattacks, it is time to take a step back and create a secure foundation for the future. Looking ahead one to two years, companies should begin evaluating how they are addressing cybersecurity at every level of their organization and allocating sufficient resources for it.”

“What’s required is a sophisticated and powerful security strategy for data and networks – the ability to evolve with speed, and at scale with security. This is the foundation for manufacturing organisations to win with confidence and become true differentiators from their competitors,” concludes Krishna.

The benefits of strong security in manufacturing
  • “A strong cybersecurity program should mean that plant infrastructure is also well connected. This opens up possibilities for leveraging plant solutions that can hit your bottom line quickly and efficiently.  Solutions like artificial intelligence or augmented reality, asset management tools, and analytics tool all require a well-connected network to gather, move and analyse the data. Security is about having visibility to connected and unconnected devices. That same strategy can help manufacturers gather data to make information-based real-time decisions for productivity gains” - Steve Gansen, Sales Business Development Manager for Manufacturing Industry, Cisco.
  • “Companies must focus on understanding how cybersecurity can affect their business. If they do not prioritise vulnerability to cyber-threats until an attack strikes, it is too late. Addressing potential threats head-on by developing short-term and long-term plans will build a strong cybersecurity foundation internally and externally. Having a strong cybersecurity foundation is also vital from a reputational standpoint. Businesses and consumers alike are seeking partners they can rely on to safely deliver products while protecting private information. A breach goes beyond one company – it impacts everyone in the supply chain all the way down to the end-user” - Bobby Bono, Partner and Industrial Manufacturing Practice Leader at PwC.
  • “Our recent research found that the monetary cost of global cybercrime is around US$945bn. These costs aren’t just the result of monetary losses, but also include significant reductions in both productivity and lost work hours. When businesses fail to maintain and evolve their cyber defenses, it is now the difference between their ability to thrive or just survive within the market” - Mo Cashman, Principle Engineer at McAfee.
  • “With a strong cybersecurity strategy in place, manufacturing organizations will be able to reap the benefits - including seamless maintenance of operations, improved efficiencies and better outcomes from leveraging connected devices, physical safety, supply chain integrity and more” - Raj Krishna, VP of Strategy & Planning, Cisco Meraki.

Share article

You might also like these articles