For the past three years, the rise of IoT, cloud computing, and automation has made manufacturing the most cyberattacked industry. So, what can manufacturers do to become more secure against cyberattacks and avoid further financial loss and damage to their reputation? Cyber resilience requires manufacturers to focus on protecting interconnected OT and IT by controlling data access, network segmentation, and constant monitoring.
With it being the most cyberattacked industry and hacking occurring every 39 seconds, it’s no surprise that high-profile cyberattacks are a regular occurrence in the manufacturing industry. In 2022 and 2023, major car manufacturer Toyota was the center of cyberattacks, with one attack leaving 14 factories shut for 24 hours due to a virus infecting a file server. In the time the factories were shut they lost out on 13,000 vehicles being manufactured – highlighting the importance of cybersecurity to all companies no matter their size.
Consulting Manager – Security at Columbus UK.
A company effort is required for cybersecurity
A common misconception among many organizations is that security is solely an IT problem, but it impacts customers and employees in plants around the world. Make UK research found that production stoppages were the most common result of a cyberattack (65%), with reputational damage ranking second (43%). What’s more, new customers now want reassurance on details of the cybersecurity in place before signing contracts. So how can manufacturers become more cyber resilient?
Manufacturing businesses can no longer delegate cybersecurity solely to their Security Operations Centre (SOC) teams. Rather, accountability for security should rest with top management across the organization with measures being introduced at every operational level.
1. It all starts by identifying the area’s most vulnerable to cyber attacks
The first step to improve cybersecurity measures begins with an assessment of the current level of digital readiness and an identification of areas for improvement. But knowing how to spread cybersecurity investment can be a challenge. As a top priority, manufacturers need to secure the boundary between IT and OT, and this involves safeguarding critical assets and preventing unauthorized access between systems.
Manufacturers can prioritize cybersecurity efforts by quantifying risks and assessing the impact on operations in case of outages. Without this step, manufacturing companies will accumulate several security systems that don’t meet their needs and can lead to inefficiencies and potential security risks.
Cut down on response times by planning ahead
Next up is the crucial planning stages. It’s important to have a business continuity plan to ensure continuity during critical IT incidences. This will enable essential functions to continue for a limited time and help manufacturers manage supply chain disruption more effectively. A structured disaster recovery plan, understood by every employee, should follow to establish plans for swift responses to cybersecurity incidents and disruptive events, minimizing operational downtime.
Once manufacturers understand where the cyber weaknesses are, it’s time to put the defenses into action.
2. Data protection is key to keep your businesses operations and strategies safe
Manufacturing companies possess invaluable data that optimizes operations and drives innovation but without proper management and security, this data poses a significant security risk. In 2023, the global average cost of a data breach totaled USD 4.45 million, a 15% increase over 3 years.
Each piece of information, whether about vendors, partners, material quality, stakeholders, or finances can paint a comprehensive picture of a company's operations, strategies, and vulnerabilities. Financial data coupled up with stakeholder information for instance, could expose vulnerabilities in financial systems or potential points of leverage for competitors. This is where effective data governance policies and procedures such as clear guidelines on data sharing and access, along with strong encryption, can prevent data from falling into the wrong hands.
Data audits can assess the sensitivity and criticality of each dataset, and evaluate existing security measures and controls. Machine learning and AI technologies can help here by identifying pattern anomalies and potential data threats, enabling proactive risk management and threat detection.
3. Get ahead now, don’t wait for the next legislation to come into effect
Cybersecurity is not only a way to protect manufacturing operations as it safeguards a company’s brand perception. Manufacturers can reinforce customer trust by staying up-to-date on the latest cybersecurity certifications and regulations as it signals to the market that the company prioritizes security.
The Network and Information Security Directive (NIS2) is the next legislation set to impact manufacturing organizations that operate in the EU. The Directive aims to build on previous regulations by implementing more robust cybersecurity and resilience standards, as well as more stringent reporting measures in the event of a security incident – but are manufacturers ready to comply?
Failure to prepare will leave supply chains vulnerable
Shockingly, only three-quarters of organizations across the UK, France, and Germany have yet to complete preparations ahead of the NIS2 implementation date in October 2024. When failure to comply with NIS2 can lead to fines of up to €10m ($10.5m), or 2% of an organization's global annual revenue, it’s important that manufacturers assess how well existing cyber measures will comply with the upcoming legislation.
As NIS2 aims to address the security of supply chains, companies will need to manage the cybersecurity risks associated with suppliers and ensure that appropriate security measures are in place throughout the supply chain. This presents an opportunity for companies to strengthen supply chains and build resilient relationships with trusted suppliers.
4. Access management prevents infection spreading
The connectivity between OT and IT environments allows employees to work across interfaces but it also creates new risks for workstations. An infected work terminal can become a stepping stone to the production environment through lateral movement. This is why manufacturers need to control access to operational technology and monitor network interfaces.
Access management can help manufacturers introduce new authorization measures, such as multi-factor authentication, that ensure employees only access what they need, when they need it, and from approved locations.
The rise of hybrid workers calls for improved security measures
With more people working remotely and on their personal devices, it’s also important to consider the security implications of non-compliant devices. This is where stronger access controls and authentication methods can keep sensitive data and systems safe from potential threats.
5. Adopt a security-first culture
According to IBM’s X-Force Threat Intelligence Index report, embedded scripts in OneNote files, malicious links in PDFs, and executables disguised as document files are the most popular methods used by threat actors. All signs indicate that cyber threats are more likely to come through a company’s first line of defense – their employees. So how can manufacturers create a human firewall?
Cybersecurity measures are only effective if employees understand best practices. This is where comprehensive training programs can help prepare employees with the knowledge and skills to adapt and excel with more secure workflows.
Don’t make life harder for employees
As with training programs, employees will only carry out proper cybersecurity practices if they are able to do so with ease. Robust access management processes supported by efficient tools can reduce delays and frustration for employees while helping manufacturers maintain security standards. Single sign-on for instance, which consolidates access to various systems under one account, improves security and adheres to zero-trust practices without sacrificing user convenience.
A new secure era for manufacturing is on the horizon
Manufacturers cannot get side tracked by new production pressures as additional cybersecurity investment will be key to unlocking increased production.
One weak link could allow a cyber attack to enter the factory and attack their systems with catastrophic effect. Manufactures must act now to increase their cybersecurity measures and prevent the next attack before it’s too late.
We've rated the best Enterprise Resource Planning (ERP) software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro