ARE YOU SECURE?
Today’s digital revolution is turning factories into the new frontier of cyberwarfare.
Last year, manufacturing became the most attacked sector by cybercriminals, putting intellectual property, product quality, and even employee safety in jeopardy. Yet, according to our report by the Capgemini Research Institute, cybersecurity in smart factories isn’t a C-level concern. While being connected to the cloud or the internet is unlocking operational efficiency, resilience, and productivity, the increased connectivity creates a significantly larger attack surface area and entry points for attackers to exploit.
Combining this with the use of legacy machinery, designed before cybersecurity was even a consideration, manufacturers have been left exposed to a plethora of cyber threats. Leaders must now address the complex security questions being raised if they are to protect their business moving forwards.
Growing attack surface
The sheer scale of Industrial Internet of Things (IIoT) connections and Operations Technology (OT) devices is overwhelming manufacturers – in fact, the number of IIoT connections is expected to reach 37 billion by 2025, while the total number of connected devices worldwide is set to triple to 24.4 billion by 2030.
According to our report, a vast majority (78 percent) of organizations have little to no visibility over these devices at their smart-factory locations. And there the problem lies. If organizations want to seize the advantages offered by Intelligent Industry, it goes without saying that risk areas must be identified quickly, and a high-level of visibility is essential to establishing and mediating a potential cyber incident.
Employees – who are often the first line of defense – are also the weakest link in smart factories, seen by attackers as the most vulnerable entry point. Since the pandemic, issues of ‘shadow IT’ have arisen as workers opt for more discrete IT systems that bypass the shortcomings of central IT systems. To resolve this, firms have brought in vendors and partners to manage shadow IT issues, creating an even larger surface area for attackers to exploit. While decentralized defense software will be effective if selected well, misconfiguration will only multiply the ports of entry for attackers.
Unengaged boardroom is not cyber-aware
More than half (51 percent) of industrial organizations believe that the number of cyberattacks on smart factories is likely to increase over the next 12 months. However, the heightened awareness of cyber risks doesn’t necessarily translate to preparedness. The same report found that nearly half (47 percent) of organizations did not even see cybersecurity in smart factories as a C-level concern.
This disconnect between leaders and the C-suite is problematic because it affects everything from budget allocation to how quickly organizations respond to an attack. Employees are often credited as the weakest link because they are the only unpatchable piece of the security framework. And people are ill-equipped in this area. Less than half (48 percent) of organizations state their smart-factory employees are trained to deal with the impact of an attack through connected machinery. To minimize the potential for cyber breaches to turn into fully fledged attacks, employees must be trained to spot the early warning signs of a potential attack to allow for quick response.
Navigating the labor market
A notable reason for this is the global shortage of cybersecurity professionals – which is even more acute in the smart-factory specialism. In 2013, there were 1.5 million unfilled cybersecurity jobs; today that extends to an estimated 3.5 million.
As things stand, more than half (57 percent) of organizations experience difficulties hiring the right skill sets, exacerbating the issue to new extremes.
Whether it’s 5G or quantum computing, every new technology requires two kinds of specialists: one group with a deep knowledge of the overarching concept and another with deep knowledge of specific security considerations. This is clearly a major issue as it is essential to have people who truly know how to manage the new threats presented by the connected industry.
Manufacturers must invest in training experts and cybersecurity leaders who can oversee the implementation of comprehensive Industry 4.0 security measures, as well as spearheading the upskilling program for employees. Those that cannot get this off the ground quickly should consider partnering with an organization equipped with expertise and end-to-end services to manage it.
Intelligent Industry promises vast benefits and unlimited possibilities, powered by new and emerging technologies. Smart factories will lead the way forward for manufacturing, but without securing the increased digitalized environment, organizations are still putting their business interests at risk. All advancements can be reset in a blink of an eye if security is not properly infused into the systems, and only organizations that adapt to survive can realize their true potential.
For a list of the sources used in this article, please contact the editor.
Dr. Aarthi Krishna
Dr. Aarthi Krishna is Global Head of Intelligent Industry Security at Capgemini. Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided everyday by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 350,000 team members in more than 50 countries.