Threats against cybersecurity are always evolving, but is the industrial sector rising to the challenge?
According to a recent FM Global survey of senior-level financial executives across multiple industries, cyberattacks and data breaches happen nearly as often, if not more often, than events involving equipment failure and natural disasters. However, while one-third of businesses guard themselves against machine breakdown and severe storms with sound strategies, fewer than one-quarter do the same for cyberthreats.
cyberattacks and data breaches happen nearly as often, if not more often, than events involving equipment failure and natural disasters
In industries such as custom manufacturing and industrial machinery manufacturing, where connected technology has advanced rapidly, similar oversights have already proved ruinous to businesses financially. A recent survey conducted by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) found 4 out of 10 manufacturing companies experienced cyber breaches in 2016. Thirty-eight percent of those incidents ended in losses of more than $1 million each.
What kinds of cyberattacks should the industrial sector begin preparing for now if business therein have not already?
1. Hacking of production equipment
Automation in robotics and other technologies has led manufacturers into an industrial renaissance, but insecure programmable equipment also places companies at high risk in many ways, some more seismic than others.
Yes, smart technology on the production line may contain intellectual property and/or valuable proprietary data. Yes, a hijacked machine could injure workers, destroy production assets and chew through thousands of dollars' worth of materials before it is disconnected from its bad actor. Any of these events alone would constitute a catastrophe for whatever company was unlucky enough to experience them.
But things get worse from there.
hackers can subtly change how production equipment performs, thereby producing inferior products that could easily go unnoticed until long after a victimized business has lost its good name.
Recent analysis from Trend Micro and Politechnico di Milano (the Polytechnic University of Milan, Italy) found hackers could use freely available internet-scanning tools to find unsecured servers, connect to industrial robotics and upload command protocols that force those devices to deviate from standard operating procedures set by programmers. In layman's terms, as described in an article from Wired, hackers can subtly change how production equipment performs, thereby producing inferior products that could easily go unnoticed until long after a victimized business has lost its good name.
Trend Micro and Politechnico di Milano will explain their findings in greater detail at the Institute of Electrical and Electronics Engineers Symposium on Security and Privacy later this month. Until then, industrial equipment users should begin brainstorming methods for instituting data quality checks on machine specifications that won't rob their businesses of valuable uptime.
2. Insecure integration with suppliers
There is only so much an industrial sector organization can do internally to protect itself against cyberthreats when so many attacks start outside its facilities. According to research from the SANS Institute, about 8 out of every 10 security breaches begin somewhere along the supply chain. Manufacturers are therefore only as safe as their weakest supply chain partner.
Luckily, many businesses have already seen success in combating these issues with a renewed commitment to transparency among supply chain partners. If, at the negotiation table, both the supplier and the manufacturer set down guidelines for operations that include immediate updates when things go awry upstream, both can work in concert to root out vulnerabilities.
Full transparency and collaboration, however, include discussing situations that may appear isolated, like an instance of unauthorized personnel attempting to access materials or a temporary distributed denial of service attack on a company website. Either of these events could have serious repercussions for manufacturers and end users, but both the vendor and the manufacturer must find efficient methods for communicating such information. Otherwise, they will spend more time poring over details than actually producing to demand.
3. Mismanaged mobile devices and industrial internet of things (IIoT) technology
Every smartphone, tablet, sensor or internet-connected machine presents manufacturers with new avenues through which to experience and utilize the data they glean from their operations. But just as the network of distributed information grows within an organization, so too do the risks. Symantec research revealed that in the wake of 2016, mobile device users have more than 600 security vulnerabilities to deal with, as well as around 3,600 variants on mobile malware from years past.
Good news: The study also found that the number of disclosed vulnerabilities to industrial control systems was lower in 2016 than in the previous two years. As custom and industrial machinery manufacturers move to mobile operations, they must continue to uphold strong precedents regarding enterprise mobile management, which in turn protect critical connected ICS technology.
Generally speaking, every good EMM strategy covers two broad areas of security: the technical and the behavioral. Those charged with overseeing industrial enterprise mobility assets must ensure tech and app providers do their part by patching their products against the latest threats. At the same time, these on-site cybersecurity managers must train operators, technicians and indeed users of any type on proper utilization and what to do in the event their device has been compromised. Better still, what can these supervisors do to efficiently manage both sides of the mobile security coin using automation and intelligent deployment?
Already implemented EMM at your industrial business, but aren't quite sure how to perfect it? Check out our latest article on how to tighten your EMM. For more information on the future of custom manufacturing, industrial machinery and other major players in the industrial sector, download our eBook, Unbounded Manufacturing.