Manufacturing Cybersecurity Threats and How To Face Them
- ByPolk & Associates
- Feb, 26, 2021
- Manufacturing
- Comments Off on Manufacturing Cybersecurity Threats and How To Face Them
Risks to Security in Manufacturing
The number of ransomware incidents involving the manufacturing sector increased 156% between the first quarters of 2019 and 2020. Later in 2020, ransomware actors demanded $17 million from a laptop maker and $34 million from a Taiwanese electronics contract company.
Ransomware isn’t the only threat to manufacturing cybersecurity. Where there’s ransomware, there’s almost always phishing. One campaign that targeted manufacturers, among others, was part of a larger effort to target the COVID-19 vaccine cold chain.
The issue with both ransomware and phishing is digital attackers can use these threats to steal their victims’ data. Malicious actors could compromise a manufacturer’s customer database and leverage those details to conduct follow-up attacks, such as manufacturing data breaches. Or, they could establish a foothold within the network and use that access to scout it out. They could then choose to sell that opening to a competing group, criminal enterprise or nation-state actor. They also could use it to conduct an attack of their own that could compromise business processes.
IT-OT Convergence’s Role in Security Risks
What’s important to note is the impact that these manufacturing cybersecurity issues could have on a business. For years, the impact was minimal. Manufacturing and other industrial sectors had no need to connect their industrial control systems (ICS) to the internet. At that time, the web was still growing. What they needed to do was make sure the physical processes that those ICS were watching were available. So, they kept them offline and away from threats that were beginning to take form.
Now, most businesses have a digital presence. Manufacturing cybersecurity needs are no different. They want real-time data, so they can monitor the state of their physical processes. This helps them perform preventive maintenance on equipment and minimize downtime. In order to do this, operational technology (OT), of which ICS are a type and information technology, are brought together. Manufacturers are turning to the Industrial Internet of things (IIoT) as a means of using the IT side of things to gain crucial insights into the way their OT is functioning.
Best Practices To Adopt To Combat Security Risks
It’s possible to overcome the challenges posed by security issues in the manufacturing industry. Business leaders just need to bring IT and OT together with a bit of care.
- First leverage the C-suite to clarify the roles and responsibilities of both IT and OT teams. They can then use pilot programs and cultural exchanges to slowly begin fostering teamwork between IT and OT. Plus, they can teach teams to share their challenges, needs and viewpoints with one another.
- Augment defenses of your entire system by:
-
- Take inventory of all of your devices. Use that to determine which assets are most important.
- Segment your network in a way that cuts down on risk — to legacy systems most of all — but still allows IT and OT to work together. These segments then give teams smaller sections within which they can implement network access controls along with network monitoring in order to defend against ransomware, phishing and other digital threats.
- Use vulnerability management to patch all of the security weaknesses you can without taking key industrial assets offline.
Through due diligence like this, manufacturing cybersecurity problems can be solved.
Large enough to serve a diverse clientele, yet small enough to maintain a hands-on approach, we are committed to maintaining the highest accounting and ethical standards with continuous education, extensive research resources, and excellent quality control.
Polk and Associates is a member of the Michigan Association of Certified Public Accountants, and the American Institute of Certified Public Accountants. The firm participates in the AICPA Peer Review Program, and has always received the highest level of award for its audit practice and quality control.
Share this:
Comments are closed.