Over the past three years, the rise of IoT, cloud computing and automation has made the manufacturing sector the most affected by cyber attacks. What can manufacturers do to better protect themselves against cyber attacks and prevent further financial losses and reputational damage? Cyber resilience requires manufacturers to focus on protecting interconnected OT and IT by controlling data access, network segmentation and constant monitoring.
As the sector most cyber-attacked, with hacking occurring every 39 seconds, it is no surprise that high-profile cyber-attacks are a regular occurrence in the manufacturing industry. In 2022 and 2023, major car manufacturer Toyota was at the center of cyber attacks, with one attack shutting 14 factories for 24 hours due to a virus infecting a file server. During the time the factories were closed, they lost 13,000 vehicles produced – highlighting the importance of cybersecurity for all companies, regardless of size.
Consulting Manager – Security at Columbus UK.
Cybersecurity requires a business effort
A common misconception among many organizations is that security is solely an IT issue, but it impacts customers and employees in factories around the world. Research from Make UK shows that production disruptions are the most common consequence of a cyber attack (65%), with reputational damage coming in second (43%). Additionally, new customers now want assurance on cybersecurity details before signing a contract. How can manufacturers become more cyber resilient?
Manufacturing companies can no longer delegate cybersecurity solely to their Security Operations Center (SOC) teams. Instead, responsibility for security should lie with top management across the organization, with measures introduced at every operational level.
1. It all starts with identifying the areas most vulnerable to cyber attacks
The first step to improving cybersecurity measures begins with assessing the current level of digital preparedness and identifying areas for improvement. But knowing how to spread cybersecurity investments can be challenging. As a top priority, manufacturers must secure the boundary between IT and OT, and this means protecting critical assets and preventing unauthorized access between systems.
Manufacturers can prioritize cybersecurity efforts by quantifying risks and assessing the impact on business operations in the event of disruptions. Without this step, manufacturing companies will build several security systems that do not meet their needs and can lead to inefficiencies and potential safety risks.
Shorten response times by planning ahead
Next come the crucial planning phases. It is important to have a business continuity plan to ensure continuity during critical IT incidents. This allows essential functions to continue for a limited time and manufacturers to more effectively manage supply chain disruption. A structured disaster recovery plan, understood by every employee, should follow to establish plans for rapid responses to cybersecurity incidents and disruptive events, minimizing operational downtime.
Once manufacturers understand where cyber weaknesses lie, it’s time to put defenses into action.
2. Data protection is essential to keep your company’s operations and strategies secure
Manufacturing companies have invaluable data that optimizes operations and drives innovation, but without proper management and security, this data poses a significant security risk. In 2023, the global average cost of a data breach was $4.45 million, an increase of 15% in three years.
Every piece of information, whether suppliers, partners, material quality, stakeholders or finances, can paint a comprehensive picture of a company’s operations, strategies and vulnerabilities. For example, financial data combined with stakeholder information can reveal vulnerabilities in financial systems or potential leverage points for competitors. This is where effective data management policies and procedures, such as clear guidelines for sharing and accessing data, along with strong encryption, can prevent data from falling into the wrong hands.
Data audits can assess the sensitivity and criticality of each data set and evaluate existing security measures and controls. Machine learning and AI technologies can help by identifying pattern anomalies and potential data threats, enabling proactive risk management and threat detection.
3. Move forward now and don’t wait for the next legislation to come into effect
Cybersecurity is not only a way to protect manufacturing operations, but also to protect a company’s brand perception. Manufacturers can boost customer confidence by staying abreast of the latest cybersecurity certifications and regulations, as this signals to the market that the company is prioritizing security.
The Network and Information Security Directive (NIS2) is the next piece of legislation that will impact manufacturing organizations operating in the EU. The directive aims to build on previous regulations by implementing more robust cybersecurity and resilience standards, as well as stricter reporting measures in the event of a security incident – but are manufacturers prepared to comply?
Failure to prepare will leave supply chains vulnerable
Shockingly, only three-quarters of organizations in Britain, France and Germany have completed preparations before the NIS2 implementation date in October 2024. Failure to comply with NIS2 could result in fines of up to €10 million ($10.5 million), or 2% of an organization’s global annual turnover, it is important that manufacturers assess how well existing cyber measures will comply with upcoming legislation.
As NIS2 aims to address the security of supply chains, companies will need to manage cyber security risks associated with suppliers and ensure that appropriate security measures are in place throughout the supply chain. This offers companies the opportunity to strengthen supply chains and build resilient relationships with trusted suppliers.
4. Access control prevents the spread of infections
The connectivity between OT and IT environments allows employees to work across different interfaces, but also creates new risks for workstations. An infected work terminal can become a stepping stone into the production environment through lateral movement. This is why manufacturers must control access to operational technology and monitor network interfaces.
Access management can help manufacturers introduce new authorization measures, such as multi-factor authentication, that ensure employees only access what they need, when they need it, and from approved locations.
The rise of hybrid workers calls for better safety measures
With more and more people working remotely and on their personal devices, it is also important to consider the security implications of non-compliant devices. This is where stronger access controls and authentication methods can protect sensitive data and systems from potential threats.
5. Adopt a culture where safety comes first
According to IBM’s X-Force Threat Intelligence Index report, embedded scripts in OneNote files, malicious links in PDFs, and executables disguised as document files are the most popular methods used by threat actors. All signs indicate that cyber threats are increasingly entering through a company’s first line of defense: their employees. So how can manufacturers create a human firewall?
Cybersecurity measures are only effective if employees understand the best practices. This is where comprehensive training programs can help prepare employees with the knowledge and skills to adapt and excel with more secure workflows.
Don’t make employees’ lives more difficult
As with training programs, employees will only implement proper cybersecurity practices if they can do so easily. Robust access management processes, supported by efficient tools, can reduce employee delays and frustrations while helping manufacturers maintain security standards. For example, single sign-on, which consolidates access to different systems under one account, improves security and adheres to zero-trust practices without sacrificing user convenience.
A new safe era for production is upon us
Manufacturers cannot be distracted by the new production pressures as additional investment in cybersecurity will be key to unlocking higher production.
One weak link could allow a cyber attack to enter the factory and attack their systems with catastrophic consequences. Manufacturers must act now to increase their cybersecurity measures and prevent the next attack before it is too late.
We reviewed the best Enterprise Resource Planning (ERP) software.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro