Manufacturing has opened the door to cyber threats – how to get cyber-savvy. By Reidar Boldevin
The rise of digital technologies such as IoT, cloud computing, and automation has left manufacturing systems exposed to cyber threats. As a result, the industry has been the most cyberattacked sector for three consecutive years. To avoid further financial and reputational damage, manufacturers must manage their Operational Technology (OT) and Informational Technology (IT) by segmenting networks, controlling access, and constantly monitoring their systems.
From the top to the bottom – everyone needs to be cyber-savvy
Cybersecurity is more than just an IT problem! Manufacturers need to view cybersecurity differently and that starts by not delegating it to Security Operations Centre (SOC) teams, but by implementing measures across all business operation levels.
Highlight the cyber weak areas
First, manufacturers must assess the current level of digital readiness with a digital awareness check. As a top priority, manufacturers need to secure the boundary between IT and OT, and this involves safeguarding critical assets and preventing unauthorized access.
Manufacturers can prioritize cybersecurity efforts by quantifying risks and assessing the impact on operations in case of outages. Without this step, manufacturers will accumulate several security systems that don’t meet their needs, and this can lead to inefficiencies and potential security risks.
Preparation is key to recovery
It’s important to have a business continuity plan for critical IT incidents. This will enable essential functions to continue for a limited time and help manufacturers manage supply chain disruption more effectively. A structured disaster recovery plan, understood by every employee, should follow to establish plans for response to cybersecurity incidents and minimize operational downtime.
Data is king, effective data governance will treat it like one
Manufacturing companies possess invaluable data that optimizes operations and drives innovation but without proper management and security, this data poses a significant security risk. Every piece of information can paint a comprehensive picture of a company’s operations, strategies, and vulnerabilities. This is where effective data governance policies and procedures can prevent data from falling into the wrong hands.
Data audits can assess the sensitivity and criticality of datasets and evaluate existing security measures and controls. Machine learning and AI technologies can help here by identifying pattern anomalies and potential data threats, enabling proactive risk management and threat detection.
Stay one regulatory step ahead
Cybersecurity can also safeguard a company’s brand perception. Manufacturers can reinforce customer trust by staying up-to-date on the latest cybersecurity certifications and regulations to show the market that the company prioritizes security.
The Network and Information Security Directive (NIS2) is the next legislation set to impact manufacturing organizations that operate in the EU. The directive aims to build on previous regulations by implementing more robust cybersecurity and resilience standards, as well as more stringent reporting measures.
Prepare to withstand supply chain disruptions
To complete preparations for NIS2, companies will need to manage the cybersecurity risks associated with suppliers and ensure that appropriate security measures are in place throughout the supply chain. This presents an opportunity for companies to strengthen supply chains and build resilient relationships with suppliers.
Control access to lock down any weak links
The connectivity between OT and IT environments allows employees to work across interfaces but it also creates risks for workstations. An infected work terminal can become a stepping stone to the production environment. Access management can help manufacturers introduce authorization measures that ensure employees only access what they need, when they need it, and from approved locations.
The rise of home offices adds a new cybersecurity challenge
With more people working remotely and, on their devices, it’s important to consider the security implications of non-compliant devices. This is where stronger access controls and authentication methods can keep sensitive data and systems safe from potential threats.
Defend from the front with a cyber-secure mindset
According to IBM’s X-Force Threat Intelligence Index report, cyber threats are more likely to come through a company’s employees. Cybersecurity measures are only effective if employees understand best practices – so it’s important to train employees to adapt and excel with more secure workflows.
But don’t let measures affect workflow
Robust access management processes supported by efficient tools can reduce delays and frustration for employees while maintaining security standards. Single sign-on for instance, which consolidates access to various systems under one account, improves security and adheres to zero-trust practices without sacrificing user convenience.
Securing the new line of digital defense in manufacturing
As much as manufacturers want to prioritize connectivity to boost production, this will only be achievable by also prioritizing cybersecurity! One cyber slip-up could have catastrophic effects, which is why manufacturers must act now to prevent the next cyber-attack.
Reidar Boldevin
Reidar Boldevin is Consulting Manager – Security at Columbus, a global digital consultancy specialized in solving complex challenges for customers in the manufacturing, retail & distribution, food & beverage, and life science industries. With over 1600 digital advisors in more than ten countries, it delivers business-critical solutions in areas such as CloudERP, Data & Analytics, Application Management, Digital Commerce, Cybersecurity, AI Innovation, and ESG. With headquarters in Denmark and a presence worldwide, it ensures local delivery of services on a global scale.