Security has always been a vital issue for manufacturing firms, but the threat of cyber attacks requires ever more sophisticated preventative measures.
If your firm hasn’t stepped up its game, it’s vulnerable to all sorts of predators. That could leave it open to financial losses, production delays and, in a worst-case scenario, failure.
Threats from Synergies
Technological advances, including the Internet of Things (IoT), continue to dominate the manufacturing sector. To increase the benefits of technology, manufacturers typically unify operations and business processes in some manner. A logical approach is to coordinate Internet technology (IT) functions that control the business with operational manufacturing technology.
The synergies of this approach are obvious, but security risks are increased. With systems being connected through the IoT, new entrance points have opened up to cyber criminals. And this has led to a corresponding rise in the number and severity of cyber attacks.
For instance, an industrial IoT environment may feature sensors at various locations at a manufacturing plant. Although they provide a valuable stream of business and operating data, the sensors are gateways to critical infrastructure and processes. Sophisticated hackers can now enter a system, seize data, cause malfunctions or otherwise use the information for their own purposes.
Countering the Attacks
How can you best protect your firm from cyber attacks at this defining moment in time? Here are four practical suggestions.
1. Employ best practices.
Increasingly, cyber attacks are being conducted on a geopolitical level, involving foreign nationalists and governments that have massive resources at their disposal. This spans many industries and triggers protocols on a national level.
For U.S. manufacturing firms, the groundwork for current best practices was laid in 2013 when the National Institute of Standards and Technology (NIST) was directed to develop the framework for an authoritative source. According to a 2016 study, 70% of the organizations view the NIST Cybersecurity Framework as the most popular best practice for IT. Other countries have followed suit by adopting similar standards or are actively working on their own versions.
These national standards create a methodology for addressing cybersecurity issues. They focus on common sense risk analysis, risk tolerance assessment and risk avoidance. Other industry standards outside of government direction can provide protection. Notably, IEC 62443 is a robust standard for industrial automation technology that can safeguard operations across multiple layers.
Nevertheless, cyber threats change daily, so these standards are constantly being updated. It is essential to keep close track of new protocols and standards signifying best practices.
2. Study the financial aspects.
Virtually every manufacturer recognizes the risks of cyber attacks in the current environment. But firm management needs to assess these problems in terms business owners can truly understand: dollars and cents.
Simply put, it’s time to shift the conversation from the fears of a cyber attack to protecting the bottom line. Data breaches cost manufacturers billions each year worldwide, not to mention the damage to reputations. Also, insurers may limit how much coverage that can be acquired for cyber attack protection. In some parts of the world, insurance premiums are based on responses to questions about how the firm is adhering to cybersecurity best practices.
By its very nature, cybersecurity is expensive. But managers must invest enough to protect overall interests or risk losing the company entirely.
3. Perform risk management.
Once business leaders buy into the premise that better cybersecurity is worth the investment, they can move to protect their interests. This means determining the size of the gap that needs to be closed.
For starters, ascertain the value of manufacturing processes and company assets to the company. This involves a calculation of the size of the security risk. For example, if the plant were forced off-line for a week due to a cyber attack, what would the dollar loss be?
Each firm is different, so you must figure out how to integrate security risk management functions into the infrastructure. These functions can take the form of risk avoidance, mitigation, acceptance or transference. Then you can address the gaps specific to your operation and plant.
Also, remember that people are the first line of defense. Security must be incorporated into everything from personnel screening to employee training. Every employee must take ownership of their own security, adhere to industry standards and follow vendor documentation for system configuration. Finally, develop a corporate culture that emphasizes security.
4. Continue to adjust.
This isn’t a “get it and forget it” proposition. Your cybersecurity plan should be a living, breathing document that is analyzed on a regular basis and updated when necessary. Programming elements, such as threat monitoring and bug patching, must be continuing. Cybersecurity risk management isn’t a single event, it’s a long play.
In the past, you may have said, “If it ain’t broke, don’t fix it.” But that doesn’t work anymore. The safety of your business, and ultimately its future profitability, depends on your plan.
Emphasize the suggestions outlined above and keep up with evolving industry standards. Don’t wait for a catastrophe to strike before you adopt sufficient protective methods. If you need assistance in implementing these objectives, consult your business advisors.
How Bad is the Problem?
The statistics don’t lie. About half of the country’s manufacturers have been hit by a cyber attack.
According to a 2018 report from the UK manufacturers’ organization EEF, 48% of UK manufacturers surveyed have suffered cyber attacks, with half of those victims sustaining financial or other business losses. Managed security services firm NTT Security, in its 2018 Global Threat Intelligence Report, identified manufacturing as the fourth-most targeted industry, trailing only finance, technology, and business and professional services.
As attacks have risen, so have the damages. According to a report from the nonprofit consortium Alliance for Manufacturing Foresight, about 400 manufacturers were attacked every single day in 2016, resulting in more than $3 billion in losses.
