The Key to Defending the Manufacturing Industry Part 1
Cybercrime is on the rise, and the average organization’s ability to protect themselves is decreasing. According to recent research1, the number of unfilled cybersecurity jobs will reach 1.5 million by 2019, hundreds of thousands of new malware samples are appearing every day, and the average cost of a single data breach will exceed $150 million by 2020 due to the increasingly interconnected infrastructure of every business.
This rise in the volume, complexity, and damage of cyber threats is impacting nearly every organization, in every geography, in every industry. But there is one industry where cybercrime as emerged as a particularly large challenge to overcome—both because they are opening themselves up to new threats at an alarming rate, and because cybercriminals have turned a disproportionate amount of attention towards them.
The industry is manufacturing, and in part 1 of this article we will explore why manufacturing companies have a particularly challenging time with cybersecurity, and why the industry’s current approach to raising next-generating cyber defenses just isn’t working.
Why Cybersecurity is a Particularly Large Problem for Manufacturing Companies
In the first half of 2017, nearly one third of all cyber-attacks targeted an industrial control system (ICS) of a manufacturing company, according2 to a Kaspersky Lab report. These attacks were inflicted on ICS computers in 63 different countries, and demonstrated how relatively “weakly protected industrial systems are”, and what rampant targets they are for cybercriminals. In fact, last year the manufacturing sector emerged as the second most-hacked industry (behind healthcare).
But manufacturers have become particularly common targets for cybercriminals due to their transition to Industry 4.0—and, in the process, their increased adoption of the cloud, mobile, data analytics, and the Internet of Things. Manufacturers are adopting these technologies to collect data at each point in their production process to learn how, and where they can improve the efficiency of their processes. But at the same time, these tools are creating a larger attack surface for cybercriminals, opening countless new vulnerability points for these hackers to exploit, and creating increasingly complex digital systems for malicious programs to hide within.
A successful cyberattack can harm4 manufacturers worse than many other industries. 21% of manufacturers have lost intellectual property due to a cyberattack, while a compromised production process can lead to costly, time-consuming product recalls. And the manufacturer themselves are not the only potential victim—a successful supply chain attack can spread malware to many different organizations from a single compromised site.
Manufacturers can no longer afford to continue to evolve their production processes without evolving their cyber defenses as well.
The State of Cybersecurity in Manufacturing
Most manufacturers are aware of the need to upgrade their defenses, but few have taken a serious, comprehensive approach towards bringing next-generation protection to their organizations. According to a recent report5 by Cisco, 28% of manufacturers lost revenue due to cybersecurity attacks over the prior year, and 95% of manufacturing security professionals have improved their organization’s defenses due to a breach.
However, the report also found that one major cybersecurity issue was being untreated by security professional in manufacturing—few had developed visibility into which IoT devices were connected to their networks. They had not even mapped where their vulnerability points were, let alone set up systems to actively monitor and hunt for threats within those entry points.
The surveyed manufacturing security professionals were aware they had a problem, but their attempts to solve it revolved around hiring a plethora of security vendors, and purchasing multiple products from each, creating increased confusion and complexity within their attempts to create a strong security posture. And despite the wealth of vendors many manufacturing organizations hired, 40% of these organizations still lacked a formal security strategy—let alone a comprehensive, next-generation security posture capable of defending their increasingly complex systems.
The Next Security Step You Need to Take to Defend Your Manufacturing Company
The security challenges facing manufacturing companies are real, and technology leaders at these companies should be commended—not shamed—for their efforts at recognizing and taking real action to meet these challenges.
But at the same time, these technology leaders also have to make an honest evaluation of their efforts, and admit that there is still work to be done. It’s clear a piecemeal effort to secure their manufacturing companies is not sufficient, and a new solution needs to be considered.
In part 2 of this article, we’ll discuss one such solution that can quickly, easily, and cost-effectively bring next-generation security to manufacturing companies.
Sachin Varghese is EVP AMERICAS & CMO at Paladion. He has over 18 years of experience in Cyber Security, and has helped several leading enterprises in North America and Europe build resilient cyber security frameworks.