Cybersecurity and Manufacturing – Keeping Critical Information Safe From Attackers
June 22, 2020
We all know that we’re supposed to back up our data and secure our devices against attack. But too often we put it off until it’s too late. We’re busy, and we’ll get to it another day. And then, one day, we turn on our device, look for a file, and realize something is wrong. We’ve been hacked.
The thought of losing our files, pictures, and data is scary. Scale that up to an entire company and the consequences can be severe. Think about the amount of critical and sensitive information the typical manufacturing facility has access to. Sensitive customer records, design and engineering data, intellectual property, and industrial control systems for high risk manufacturing processes – there’s a lot to lose. As new technologies and connected devices continue to be installed in production environments, the need for a proactive, comprehensive approach to cybersecurity grows as well.
How Industry 4.0 is driving new security requirements
Industry 4.0 is a common term for the technological revolution that is happening across the entire manufacturing sector. New technologies, sensors, data and analytics, and advanced robotics have the potential to significantly enhance productivity, lower costs, improve product quality, and increase operational efficiencies.
This requires a complex mix of networks, back-office software and applications, Industrial Internet of Things (IIoT) devices, generations of control systems, and a variety of other systems and equipment. Each device or system that connects to the Internet represents a potential vulnerability that hackers can use to access the internal network, and unsecured IIoT devices, sensors, or machines can become an easy target.
Malicious actors are constantly evolving and changing their approach. Infected USB sticks are among the most common ways for attackers to breach a facility, while phishing and other behavioural attacks trick employees into clicking on links or files that introduce malware or other software. Once in, attackers can remain undetected for weeks or months. IBM found that, on average, it takes companies 241 days to identify and contain a breach. During this time, attackers can steal data, disrupt critical infrastructure, monitor systems, and even take control of and physically damage equipment.
The cost of a breach is massive
In 2019, IBM found that the average global cost of a data breach was $3.9 million. In Canada, this average rises to $4.4 million, and for industrial companies, it rises further to $6.9 million.
The cost of a breach takes years to fully realize. The IBM report showed that the loss of customer trust following a breach was the largest contributor to the total cost. Compromised industrial companies can expect to see abnormal customer turnover of 3.3 percent after a successful attack as customers take their business elsewhere.
While the average cost is high, individual costs can vary greatly. A 2017 virus destroyed the information systems it infected, leading one large logistics company to lose $300 million. What’s more, they were not even the original target of the attack. Instead, they were collateral damage as the infection spread through the supply chain and shared systems of the company that was originally hit.
Taking a proactive approach to cybersecurity
When it comes to security, it is impossible to be reactive. Once an attack has taken place the damage is already done. Instead, manufacturers need to be proactive and consider how they are securing their entire facility. From the devices used by employees on the shop floor to the sensors monitoring equipment to the software used by management, security needs to be at the forefront of the conversation every step of the way.
Unfortunately, a recent report found that only 16 percent of industrial companies had fully deployed a security automation system, while 57 percent hadn’t deployed any security automation system at all. Globally, industrial companies ranked last among all industries.
It is critical that manufacturers bring in the right people with expertise in cybersecurity, either by building a team internally or partnering with a cybersecurity firm. These experts can ensure that companies follow industry best practices, stay on top of security trends and technologies, and identify and address the specific needs of their organization. Depending on the market segment, they may also help manufactures meet regulatory and compliance requirements for data and other sensitive information.
The time for security is now
As technology, data, and connectivity play a greater role in manufacturing, the risk of attack is constantly increasing. A large-scale data breach that disrupts operations and results in the loss of sensitive data or critical information can be a devastating blow that can take years to recover from. Manufacturers of all sizes must think about how they are securing their facilities against attack and ensure that they are prepared in case the unexpected happens.