Rising cyber security threats in manufacturing
Cyber professionals say that companies involved in the manufacturing industry are more exposed to cyber-attacks. This was revealed by a number of studies produced by the Manufacturers Alliance for Productivity and Innovation (MAPI). According to MAPI; 40% of manufacturing firms experienced a cyber-attack within the last year. Of those attacked, 38% of them suffered over $1 million in damages.
This research discovered that the majority of the cyber threats experienced by manufacturing organisations were through internal employees being exposed to phishing, direct abuse of IT systems, errors and omissions, and the insecure use of mobile devices. Topping the list of concerns for manufacturers was consumer data, followed by unauthorised leakage of personal information. Most manufacturing organisations have specific intellectual property - it is vital for them to keep this secure, to ensure the data retains its' value.
According to a number of sources, approximately 87% of manufacturing companies have a disaster recovery plan in place for their data security concerns. But only 37% of them have it in a 'documented and tested state'. This highlights that companies are either ignoring the benefits of a data continuity plan in the event of a disaster, or simply showing a blind eye towards business continuity.
With a data continuity plan in place; users are able to shift to a different database, in an event where a cyber-attack takes place on their live database. This database can be located on a cloud platform and can usually be frequently replicated, so the data can be accessed as quickly as possible, following the disaster.
In the instance of a ransomware attack; the CTO's are able to avoid paying ransom for the locked files in their database, due to the presence of duplicate data on a subsequent platform. By keeping their data in an encrypted state (on or off premise), users can avoid giving hackers full direct access to their data, mitigating the consequences of a data-spill.
Here are 5 key areas which are vital to address in the manufacturing industry:
- Executive and Board Engagement - A number of board members in manufacturing organisations have a lot of experience in the industry, but have not been made aware of the new threats. It is vital that all management members are educated appropriately on this new threat their industry is facing, and subsequently, on how to protect their organisations.
- Intellectual Property - Historically organisations kept their designs and intellectual property in a physical safe to secure it. Since technology has advanced, most of these sensitive documents have become data - which is easily moved and accidentally disclosed. Organisations must make sure their confidential data is stored and managed effectively, in order to reduce the risk of potential disclosures.
- Industrial Controlled Systems - Technology and machinery has evolved within the manufacturing industry, with notable advancements in industrial control systems. The majority of industrial controlled systems are designed for a specific purpose and are not secure by design, hence, they are often vulnerable to cyber-attacks. Controls should be put in place to secure and monitor these systems appropriately, so that if there is an incident it can be efficiently contained.
- Connected Products - With the new modern connected world, it is important to realise that some connected devices cannot always be protected effectively. In the manufacturing industry there are a number of machines, controlled by computers, which are running unsupported versions of operating systems because the code used to develop them was designed for a different operating system.
- People - The human element in any organisations can often be overlooked when considering methods to protect against cyber attackers. All security experts say, that an educated individual can be one of the most valuable forms of cyber defence. Unfortunately, this message is often disregarded and does not get through to the unaware employees.