Building Manufacturing Resilience
The scope of cyber risk extends beyond data. Physical assets
also are vulnerable. Cyber criminals potentially can seize control of equipment
operations, leading to significant unplanned downtime and posing safety risks
to employees.
Consider a manufacturer that stores and retrieves production
data for each job within an ERP system. What happens if a cyberattack disrupts
digital services or a cybercriminal holds underlying operational data for
ransom? Even more concerning, what if the attack alters technical
specifications, leading to the production of non-compliant parts? Similarly,
vision systems and quality-control processes can be compromised, becoming
targets for potential attacks.
While some of these scenarios may seem far-fetched,
cyberattacks have grown increasingly sophisticated and destructive. The
potential for exposure in these areas presents very real risks to manufacturing
organizations. As the industry continues to embrace digital transformation, manufacturers
must balance the benefits of connectivity with robust cybersecurity measures to
help ensure operational resilience and data integrity.
Manufacturers can fortify their operations by developing and implementing resilience strategies against cyberattacks. In this context, resilience does not mean “impenetrable.” Instead, it signifies a company’s ability to withstand an attack, respond swiftly and comprehensively when it occurs, and efficiently recover any compromised data or business operations. This process begins by identifying vulnerabilities in the digital perimeter and then constructing a multilayered strategy to protect and respond to cyberthreats.
Overlooked Issues in Manufacturing Operations
For manufacturers, multiple physical and digital entry
points into operations or data (including financial, operational, technical or
administrative information) can exist. These pathways might seem insignificant
or appear to be sufficiently hidden, but without proper care, they can provide access
points for potential threats.
Frequently overlooked sources of vulnerability include outdated
and unsupported hardware and software on the production floor. While this
equipment may not be used like traditional computers, it still is connected to
the network and, if not maintained properly, poses a security risk to the organization.
Frequently, IT departments are not involved in all technology-related decisions. With the rise of software-as-a-service models and cloud computing, it has become easier for employees to purchase new software, download applications or share files using the cloud, without oversight from skilled IT or cybersecurity professionals. Systems and software not vetted against company policies or properly maintained can introduce additional, less-obvious risks. Moreover, they increase the number of vectors a malicious actor might use to gain access, often without the company’s knowledge, further challenging data and operations protection.
The absence of real-time cyber monitoring is another common
gap in manufacturing operations. Without it, a company lacks visibility into
attempts to infiltrate its network. Preventing and safeguarding against attacks
becomes more difficult if a company is not aware it is under attack.
For example, real-time monitoring can protect against violations of impossible travel rules. Imagine a scenario where a legitimate user—a company’s corporate controller, for example—logs into the network from their home office in Chicago. Then, just 3 hr. later, the same account logs in from Tokyo. This impossible travel scenario clearly indicates that the controller’s credentials have been compromised. However, without proper, real-time monitoring, this breach could go undetected for an extended period.
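The impossible-travel check described above can be sketched as follows. This is an added example, not code from the article; the event fields, coordinates, the 900 km/h speed ceiling and the 100 km jitter floor are assumptions, and the sample logins are constructed.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly commercial airliner cruise speed

# Constructed sample sign-in events: (user, ISO-8601 UTC time, lat, lon, label)
SAMPLE_LOGINS = [
    ("controller", "2024-05-06T13:00:00+00:00", 41.8781, -87.6298, "Chicago"),
    ("controller", "2024-05-06T16:00:00+00:00", 35.6762, 139.6503, "Tokyo"),
    ("buyer", "2024-05-06T13:00:00+00:00", 41.8781, -87.6298, "Chicago"),
    ("buyer", "2024-05-06T18:30:00+00:00", 42.3314, -83.0458, "Detroit"),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def find_impossible_travel(logins, max_kmh=MAX_KMH):
    """Return alerts for consecutive logins of one user that imply speed > max_kmh."""
    alerts = []
    last_seen = {}  # user -> (time, lat, lon, label) of that user's previous login
    ordered = sorted(logins, key=lambda e: datetime.fromisoformat(e[1]))
    for user, ts, lat, lon, label in ordered:
        when = datetime.fromisoformat(ts)
        prev = last_seen.get(user)
        if prev is not None:
            p_when, p_lat, p_lon, p_label = prev
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Simultaneous logins from distant places are also impossible.
            speed = km / hours if hours > 0 else float("inf")
            # Ignore geo-IP jitter under 100 km (assumed floor).
            if km > 100 and speed > max_kmh:
                alerts.append({"user": user, "from": p_label, "to": label,
                               "km": round(km), "kmh": round(speed)})
        last_seen[user] = (when, lat, lon, label)
    return alerts

if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_LOGINS):
        print(alert)
```

Corporate VPN egress points and inaccurate geo-IP data produce false positives, so alerts from a check like this are usually triaged alongside device and MFA signals.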
The Foundations of a Multi-Faceted Security Strategy
A multilayer security strategy is the most effective
approach to resist an attack. At its most basic level, the strategy should
include:
- Password protocols: Implement and enforce the use of strong, unique passwords across all systems.
- Email protections: Deploy technologies that limit spam and spear-phishing attempts, to reduce the risk of social-engineering attacks.
- Multi-factor authentication (MFA): MFA adds an extra layer of security by requiring users to verify their identity through multiple steps when accessing company systems or applications. Implement MFA across all access points including email, VPN, cloud-based apps and internal administrative accounts.
- End-point detection and response (EDR): EDR provides real-time visibility into potential threats, enhancing a company’s ability to detect suspicious activities. While often confused with antivirus software, EDR focuses on identifying malicious activity in a computer’s memory, whereas antivirus software scans for harmful programs on the computer or network. Manufacturers should employ both for comprehensive protection.
- Regular vulnerability scans and penetration testing: To identify and address weaknesses before they can be exploited, manufacturers should conduct periodic—monthly or quarterly—penetration testing of external systems, and vulnerability scans of internal systems. This proactive approach is essential for maintaining a robust security posture.
- Vulnerability management: Cybercriminals constantly probe for security gaps. To make their job more difficult, companies should regularly deploy security patches, update software, remove unnecessary programs and disable unused system processes.
- Air-gapped backups and segmented networks: To protect against ransomware and other cyberattacks, store backup files on a standalone network with separate credentials. This separation mitigates the risk of compromising primary and backup data simultaneously.
- Recovery testing: Manufacturers should regularly test their backup and recovery processes. This ensures that in the event of a network failure or cyberattack, they can efficiently restore operations and access critical files.
By adopting these foundational measures and continuously evolving their cybersecurity strategies, manufacturers can significantly enhance their resilience against the ever-growing threat of cyberattacks. Remember, in today’s digital landscape, cybersecurity is not just an IT issue—it’s a critical business imperative that demands ongoing attention and investment.
The Crucial Role of Employee Engagement in Cybersecurity
Employee understanding of cybersecurity is paramount. Many
hackers target people rather than systems, finding it easier to trick
individuals into sharing credentials than it is to break into networks
directly. Therefore, employee engagement in cybersecurity is as vital as
perimeter defense.
Manufacturers must establish controls governing data usage,
management and storage. They should restrict access to sensitive information to
those who absolutely need it to perform their jobs.
Cybersecurity training should be ongoing and comprehensive,
covering these and other topics:
- Recognizing phishing attempts and social-engineering tactics
- Safe browsing practices and password management
- Proper handling of sensitive data
- Reporting suspicious activities or potential security breaches.
By fostering a culture of cybersecurity awareness,
manufacturers can significantly reduce their vulnerability to human-centric
attacks.
Comprehensive Cybersecurity Training
To truly fortify operations against cyberthreats,
manufacturers should adopt a holistic approach that combines technological
solutions with human-centered strategies. This includes:
- Regular security audits and risk assessments
- Developing and maintaining an incident response plan
- Collaborating with industry peers to share best practices and threat intelligence
- Investing in ongoing cybersecurity education for all employees, from the shop floor to the C-suite.
Comprehensive employee training is a cornerstone of effective cybersecurity for manufacturers. Cybercriminals employ various social-engineering tactics, including phishing emails, SMS text messages (smishing) and phone calls or voicemails (vishing) to steal information. Cultivating a culture of healthy skepticism among employees is crucial. When staff understand their cybersecurity roles and responsibilities, the entire operation becomes more resilient against digital threats.