How manufacturers can reduce cyber risk and prepare for cyber attacks
Manufacturers need to be careful of unwanted attention
Cyber attacks are growing in the manufacturing industry
In 2017, there were two cyber attacks: WannaCry in May and Petya in June. These attacks cause significant damage in a lot of countries and in majororganisations . And it could happen again. The World Economic Forum’s (WEF)2018 Global Risks Reportpointed cyber risk as the third most likely cause of damage to businesses this year.
Currently, around 8.4 billion devices are connected to the internet. And the number is growing as we speak. By 2020, it’s expected to reach 20 billion.
Every day, there are more and more opportunities for individuals with malicious intent to gain access to systems and networks.
Every device connected to the internet can help hackers gain access to your business
Nearly 35% of the overall usage of the Industrial Internet of Things until 2025 is from the manufacturing industry. Manufacturers need to be aware of the threats and how to recover if an attack happens.
If your customers doubt your ability to run efficient operations, you’ll lose their trust. You need to have a plan to manage a crisis.
What damages result from cyber attacks?
Cyber attacks can cause physical damage, non-physical damage, or both. An attack can be focused on data, like stealing intellectual property (unique processes or trade secrets). It could be to create physical damage by making machines to malfunction or halt completely. Make a boiler overheat and explode. Either one can have a major impact on the business.
The average cost of a successful cyber attack in the manufacturing industry is about $5 million USD.
Technology, people, and processes are the main components of a business. If one falters, the rest can’t perform.
Human error often stands out - an employee clicking a link on an email is all it takes.
Not every employee knows the risk of opening emails from unknown sources
You can’t assume all your employees know about the latest technologies in the workplace. Spend time giving them the knowledge about technology and to understand threats. So you need to start with your employees and make sure everyone knows about the latest security threats.
How to reduce the risk of an attack
To reduce risk and recover quickly after an attack, you have to build resilience in yourorganisation . It’s a way of improving awareness of the whole business and making sure vulnerabilities are taken care of. This will allow you to recover quickly and minimise disruption, revenue loss and the loss of your reputation.
Cyber risks evolve so fast that is almost impossible to protect yourself from every single threat. So resilience is your greatest ally.
You can reduce cyber risk in your company by:
Training employees - help them avoid phishing and other email-based attacks
Equipment - all internet connected devices must be updated with the latest security features and patches
Review your facilities - check your security systems to make sure nounauthorisedindividuals can get access
Back-ups - create back-ups of valuable data and keep them off-site
Manual overrides - make sure your machinery can be deactivated manually before causing damage
Business Plan - make a business continuity plan explaining how to respond after an attack
Technology is your biggest asset and weakness
Over the years, digital technology has been present in manufacturing processes. Now, the manufacturing industry is one of the most advanced in the world because of it. Robotics and sensor technology are common. They allow insights in real time and are heavily relied on. Increased automation, complex supply chains,and data-rich production cycles make the industry vulnerable to cyber attacks.
By the end of 2018, there’ll be 1.3 million robots in factories worldwide. They help with operational efficiencies and open up many security risks. Various sensors pour data into systems to give a real-time view of operations. Leaders can monitor data flowing between machines, people, and devices. But, automation is a risk. You have to evaluate the robustness of the core technology. The IT teams need to have back-ups of their data and have action plans in place to keep with production and recover data.
Malware is deployed once a device is compromised. Hackers can gain control through only one device connected to the network.
Robots are very useful. But you have to ensure they are secured
If a hacker manages to access the software, it could shut-down your operations completely. From an industrial robotic arm malfunctioning to gaining access to the business’s security networks. The costs can be unimaginable. For example, a stoppage in a car manufacturing plant can cost £10,000 per minute. The most recent attack, the NotPetya ransomware, is estimated to cost $1.2Bn.
While 67% of IT Decision Makers are confident they’re prepared for a cyber attack, the headlines tell a different story. The industry is in danger of becoming complacent.
Investments in manufacturing are focused on cost reduction and safety issues leaving security behind. It’s important to match the investment for security, as risks increase with the new technologies.
In sum, you need to build resilience to avoid being an easy target. And don’t let security take the back seat. Invest as much as you do with cost reduction and safety.