Industry 4.0: A Manufacturing Update That Needs a Security Patch
The manufacturing industry experienced 620 reported cyber attacks in the last year alone – and likely a plethora more that didn’t make it to official reporting. Attacks to manufacturing organizations range from stealing confidential data and intellectual property (IP) on new products and designs to conducting cyber espionage on industrial processes. The majority of data breaches in manufacturing are conducted by nation-states for espionage (including China) making the manufacturing industry the top target for international espionage and the third most-targeted industry overall.
Dubbed “Industry 4.0,” today’s manufacturing industry is computer-automated with 5.5 million new devices connected to the Industrial Internet everyday. While this update provides opportunities to increase productivity, reduce costs, and streamline processes, the efficiencies provided by Industry 4.0 come at an increased risk of a cyber attack. Highly connected “smart factories” provide multiple points of entry and inherent vulnerabilities that can be exploited by attackers. Everytime a sector like manufacturing creates an opportunity it creates a gap; everytime it creates a gap it creates a seam. And everytime it creates a seam it creates a vulnerability. That all adds up to more opportunities for hackers. In order to manage your Industry 4.0 organization, you need to manage these top three areas of risk:
Top 3 Cyber Risks
1. Lack of Effective Executive Oversight
Even the most sophisticated organizations and companies tend to put the onus on their security teams to tell them what needs protecting. In reality, C-Suite executives and the board of directors are likely the only individuals with enough high-level understanding of the enterprise to make major (informed) security decisions.
In essence, officers and directors have the unique responsibility to empower and equip their corporate leadership with a comprehensive strategic understanding of all corporate risks – including cybersecurity issues. Without leadership and education, the leadership can’t possibly expect to be equipped to appropriately address and respond to material cyber incidents. While breaches and cyber incidents in manufacturing may ultimately be inevitable, they are no less inevitable than the physical or financial risks senior executives are already adept at addressing. With structured education and preparation, directors and officers can confidently incorporate cybersecurity into business and risk planning moving forward.
2. Intellectual Property Theft
Protect the crown jewels. The most valuable asset to manufacturers is undoubtedly the key target for nation-states and other cyber threat actors: Stolen intellectual property (IP) and should be considered the greatest cyber risk. Threat actors go after manufacturing companies to steal trade secrets, Research and Development (R&D), business plans and other valuable IP. In 2016, approximately 90% of the industry-stolen data comprised business proprietary information and trade secrets.
3. Intrusions into Industrial Control Systems
Industrial Control Systems (ICS) play a crucial role in manufacturing. ICS operate automated processes, drive efficiency, and ensure employee safety. In the era of “smart” manufacturing, these systems are increasingly connected to the Internet for better monitoring and control. These systems are also incredibly cumbersome to maintain, especially from a security perspective. They are often based on open protocols and old designs; and updating or patching these systems typically mean lost operational time and revenue. Moving to open systems with IP addresses however increases the risk of cyber attacks, such as brute force attacks and malware injection. A successful attack on ICS can have serious impacts and result in operational shutdowns, damaged equipment, as well as major health and safety risks. ICS vulnerabilities are constantly on the rise, and in 2016 cyber attacks on ICS increased by 110%. Unfortunately, many manufacturing companies often do not assess and patch known ICS vulnerabilities in a timely manner and approximately 31% of manufacturing companies have never conducted vulnerability testing for ICS.
Executive and Board Level Engagement
Industry 4.0 manufacturing connects everything from R&D, supply chain, and customer service, therein leaving manufacturers to face the challenging dilemma of managing cyber risk. On the one hand, organizations need to protect integrity of their products and supply chains, but on the other hand, there is a constant pressure to increase productivity and efficiency. To succeed in this environment, manufacturing companies require an actionable strategy, driven by their executives and boards, for securing product lines and ensuring efficiency. To achieve this, leadership must actively govern and manage cyber risk across its enterprise. With the right support from the top, achieving cyber resilience is possible.
What is the first step in generating executive support to address cyber risks? Ensuring that senior leaders have a comprehensive understanding of industry risks and evolving threat landscape. When business leaders can clearly relate cyber risk to business risk, they are more willing to allocate sufficient key resources to support cyber initiatives. Through Cyber Resolve seminars, tabletop exercises, and training programs, N2K can help your manufacturing organization manage and control your cyber risks (call it Industry 4.1, if you’d like). Get in touch with us today to start the conversation or to request a free quote.