A recent survey, carried out by industry body EEF, revealed that almost half of UK manufacturers have been victims of a cyber-attack. Indeed, of the 48 percent that reported being subject to a cyber-security incident, half had suffered some degree of financial loss or disruption to their business as a result.
Worryingly, 45 percent of respondents to the survey felt that they did not have the right tools at their disposal to deal with a cyber-attack and its fallout, and more than one in ten admitted to not having the necessary technical or managerial processes in place for either assessing or mitigating risks.
According to the survey, the manufacturing industry is the third most targeted for cyber-attacks, just behind the public sector and financial businesses. And with the recent ongoing growth of the Industrial Internet of Things (IIoT), and the potential security risks that accompany it, its vulnerability could well be set to increase. The need for manufacturers to prioritise cyber-security has therefore never been more important.
Serious responsibility
Our own recent survey revealed that the majority of business leaders saw a clear association between manufacturing and Industry 4.0, a term now popularly used to describe the increased use of web-connected industrial processes, employing software, robotics and advanced automation for greater productivity, quality and efficiency.
Many of the platforms, tools and systems involved in the automation of essential manufacturing processes – a key aspect of this new paradigm – will often have access to sensitive corporate information, the privacy of which has been thrown into sharp focus following the introduction of the GDPR in May this year.
What’s more, many customers will share CAD models and business contact information with their manufacturing partners. Digital manufacturers are, therefore, entrusted with some of a business’s most precious information – its intellectual property – a responsibility that every organisation should take extremely seriously.
As we’ve seen, however, with high-profile data breaches making the headlines on an almost daily basis, this information can be vulnerable to compromise if an organisation fails to put adequate protection in place.
Remaining secure and compliant
The primary goal of any manufacturer’s security team should be protecting the privacy, confidentiality, integrity and availability of the data systems which are critical to their process, especially with regard to compliance with Article 32 of the GDPR which also requires businesses to have “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”.
There is, unfortunately, no one single solution that is able to safeguard against the new attack vectors being opened up by the IIoT and Industry 4.0. Indeed, it is thought that the massive Mirai botnet behind the DDoS attack which took down a large part of the internet in October 2016 was made up of up to 2.5 million devices at one point.
It is up to manufacturers to ensure that the systems, procedures and knowledge are in place that will allow them to protect sensitive data, detect active threats, and mitigate against any outside risks to their networks and IT infrastructure. Given the number of potentially vulnerable endpoints – from connected sensors and device on the factory floor, to customer-facing CAD systems and all points in between – security teams must work collaboratively with various lines of business throughout their organisation to manage risks.
They should take a layered approach to security, employing a range of tools and techniques from firewalls to intrusion detection and prevention systems, from anti-virus to DNS-based security solutions and, importantly in light of the number of connected IoT devices, 24/7 network monitoring tools. After all, it’s impossible to protect against what you can’t see.
What’s more, it’s important that all employees, whether on the shop floor or on the board, are given regular and up to date security awareness training to improve their cyber-security skills and awareness.
Industry 4.0 and the ongoing evolution in advanced manufacturing techniques and technology represent considerable benefits for manufacturers, particularly those under pressure to deliver high quality parts and products on a rapid turnaround. Cyber threats are evolving at the same pace, however. For manufacturers to enjoy these benefits, while remaining secure and compliant with the latest data privacy legislation, they must invest in the most robust and effective protection solutions, and in ensuring their staff remain mindful of the ever-changing threat landscape.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.