Behind the hype of smart factories is a greater attack surface: better a secure modern factory than an insecure smart factory!
Cybersecurity and compliance challenges are nothing new for the manufacturing industry. However, in recent years, with connected, smart factories becoming the norm, the resulting reliance on technology to drive operations has made the sector a much more lucrative target for cybercriminals.
The Internet of Things (IoT) promises great productivity and efficiency gains for manufacturers, but it also increases the risk and vulnerability of data and mission-critical operations if the right defenses are not in place. As more and more processes become automated or underpinned by connected devices, the potential for cyber-risks to infiltrate the network is a very real issue for every manufacturer today.
The changing nature of cybercrime
It is not just businesses that are reaping the benefits of the smart factory. Cybercriminals are finding ever more sophisticated and manipulative ways of infiltrating company networks, to achieve financial gain or disrupt operations.
According to reports, cyberattacks on IoT devices surged last year, increasing by a staggering 300%. Given that every new connected device or tech-based process brings an additional point of vulnerability within a network, manufacturers need to ensure proper safeguarding processes are in place.
The impact of any breach or downtime—whether it is a process on the factory floor or a back-office system—can have significant financial and reputational consequences. One case example is Colorado-based manufacturer Visser Precision, which makes parts for aerospace and automotive companies. It publicly suffered a data breach in early 2020, at the hands of a DoppelPaymer ransomware attack, which led to confidential files and customer details being stolen and available for download.
With manufacturers increasingly moving away from on-premise solutions and towards leveraging the computing power of the cloud, the issue of data security should be approached differently to what has traditionally been the case.
Cloud platforms that are best-in-class will help reduce breach risks, but organizations must be wise not to take this point for granted. Breaches could well happen where companies are running their own clouds without the proper controls.
Phishing scams can also become an issue if cybercriminals can use them to take advantage of email servers that have been deployed on the same networks as business application servers. With intellectual property, confidential company and customer data all travelling across a network and being stored in the cloud, manufacturers must ensure they keep cloud solutions safeguarded from email systems, so that cloud adoption does not get compromised by human error and slack data security.
As well as the risk of unplanned downtime and reputational damage due to a data breach or halt to operations, innovation in manufacturing is also grappling with stricter compliance measures when it comes to personal data security. The introduction of the general data protection regulations (GDPR) in Europe has seen huge fines being issued to those companies suffering a breach, with similar regulations coming into force more recently around the globe to tighten up data misuse.
The people problem
In addition to the vulnerabilities associated with smart factory technology and the interconnected nature of manufacturing today, actions of individuals themselves can also be a huge area of risk. Despite the long track record of phishing attacks and social engineering methods, such cybercriminal tricks are still causing a big problem in the industry and continue to threaten the security of mission-critical data and systems.
According to the 2019 Data Breach Investigations Report by Verizon, phishing attacks remain the number-one cause of data breaches, particularly in the manufacturing sector. In the first half of 2019 alone, more than 4.1 billion records were compromised, with attackers hoping to gain trade secrets, compromise personal and financial data, or even disrupt manufacturing processes.
Adopting innovation with confidence
With so many potential points of vulnerability and much more accountability placed on businesses to keep information secure, it is clear that any innovation adoption needs to have flexibility built in and be ‘secure by design’.
Security of the smart factory should not be an afterthought or add-on. It is an integral element of the overall transformation. Not only is security a critical risk and cost mitigation measure, but every player in a firm’s value chain—from suppliers to customers—care about security and would potentially be impacted by a breach. Therefore, security should also be considered a strategic value-driver that improves organizational competitiveness and market share.
Careful planning and an agile approach to tech adoption will play a key role in enabling manufacturers to lead through innovation, remain compliant with data management regulations, and minimize risks as much as possible moving forward.
As manufacturers remain a popular target for cybercriminals, risks must be reduced through better education of employees and users. Ongoing training and practical guidance will be key to reducing the role played by ‘insider threats’ to business operations. Regular education programs for staff, such as employee security awareness training, are an important and effective security measure to enforce.
When it comes to cloud-based technology and services, these can help businesses remain agile and evolve processes quickly, to respond to changing regulatory compliance. However, as with any tech adoption, guidance and expertise can help ease these changes. It is critical to find a trusted partner that can explain security risks in clear terms and offer potential solutions that will help the business achieve its goals. Furthermore, due diligence and resilience assessment will be key, to avoid any single point of failure or potential vulnerability in the connected factory.
Indeed, performing regular risk assessments will help manufacturers understand where potential risks lie within the network environment, to mitigate the potential threats posed by existing or new technology. Alongside this, standardized risk policies will help ensure that any new technology adoption goes through stringent measures before becoming part of a smart factory set-up.
Technology adoption should be rewarding, not risky. Putting the right processes and safeguards in place now will not only protect your people and data, but also help futureproof business growth and success.