All the latest news from the industry weekly compiled by the editorial team for you free of charge.
This eMail is already registered.
An unexpected error occured.
Please accept our Terms of Use.
Registration successful.
2 Ratings

CYBERSECURITY PROGRAMS An expansion of cyber threats

Jul 14, 2022

Manufacturing has been at the forefront of the technological revolution that has given the world Industry 4.0: From Robotic Process Automation (RPA) to the Industrial Internet of Things (IIoT) to the merger of OT and IT (operational technology and information technology), the interface and network of manufacturing have changed beyond recognition. The rise of digital technologies such as AI, ML, and cloud brings a new level of cyber complexity to factories. Does the manufacturing industry have adequate cybersecurity programs in place to prepare for these expanded risks? This article gives insights of a few of the programs. - Nachiket Dandekar, Founder & MD, Sana Cyber Forensics Investigation and Data Security Services

Numerous manufacturing companies are seeing an increase in cyber-related incidents associated with the control systems used to manage industrial operations. These systems can vary from programmable logic controllers and distributed control systems to embedded systems and industrial IoT devices. Collectively, these industrial control systems make up the operational technologies (OT) that allow establishments to operate.

While the benefits of connectivity include increased levels of productivity, faster identification and remediation of quality flaws, and better collaboration across functional areas, they can also reproduce the potential vulnerabilities of the smart factory. The Cybersecurity and Infrastructure Security Agency (CISA) lists 1,200+ known OT system related security flaws, vulnerabilities, and exploits from more than 300 OEMs and system providers all around the world. The threat-landscape for the systems that manage operations of a production facility has increased rapidly with the growth in digitisation and advanced technologies. The core reason? IT & OT are out of synchronisation.

To gain operational efficiency and guarantee better customer service, many manufacturing companies are looking to merge IT and OT across their operations. There are several areas where people, processes, and technology overlapping between the IT and OT ecosystems — areas where individual strategies need to be in sync. The reality of these technologies and how they are used, however, is often markedly diverse.

OT system-related investment judgments are often made on the factory floor by leaders within operations, with minor involvement from corporate IT and security departments. This can lead to a myriad of various technologies, often with different security control capabilities, that will need to be integrated into and then organised using existing IT network infrastructures.

Need for cybersecurity in manufacturing company

Manufacturing companies should have a robust, updated cybersecurity infrastructure. Inadequate cybersecurity risks the product’s design or the company’s intellectual property. This may lead to significant financial losses. So proper cyber strategy is required. The following are the reasons:

  1. The rising cases of cyber-crimes are the major reason for all to become cautious. According to an article published by cybersecurity ventures, cybercrime will impose $10.5 trillion in damages by 2025. According to the report, cybercrime become the third largest economy after the US and China. It is a threatening situation for organisations to up their cybersecurity strategy.

  2. Manufacturing industry has much to offer, and inadequate infrastructure in manufacturing firms can be a very moneymaking target for cybercriminals as they can exploit the organisation’s intellectual property or stop their production. The confidential information of suppliers and customers can also be an easy target for cybercriminals.

  3. Manufacturing companies are more vulnerable to cyberattacks. Cyber attackers can exploit manufacturing companies’ vendor databases by phishing emails that include fake invoices and fake bank account details.

  4. Manufacturing companies have embraced digital technologies but are still in the building stage regarding cybersecurity.

  5. In this time of increasing business competition, manufacturing companies need to harden their organisation against malicious campaigns targeted at them with the intent of causing damage to their reputation and all-around reach.

To identify where the industry is going, it is crucial to examine the modern state of play. Industrial infrastructure protection is a difficult task, as it means using lots of tools for every level including field devices and operation control to guard ICS (Industrial control system) and corporate IT.

These are technologies for various manufacturer controllers, networks, computer safety, and the overall security control for enterprises. The number one cybersecurity in the manufacturing sector is well-timed detection and disposal of threats to endpoints and the network to protect the perimeter.

If the commercial site has complex automation and control systems, it is important to guard them against accidental failures and planned cyberattacks. Some examples contain substation or power plant automation, discrete or continuous process automation, distributed or centralised control systems, field, supervisory, or telecontrol systems.

It’s essential to apply reliable tools to track minor anomalies in overall performance indicators, for example, an indicator of pressure in an oil refinery tank or energy plant, to act earlier than a breakdown occurs.

Cybersecurity guide for minor manufacturing organisation

  1. Establish suited antivirus software and firewall protection for all the systems in the business network, including a computer system, laptop, ICS, and mobile phone connected to the system and networks.

  2. Unawareness of cybercrime among employees is a significant threat to the business. They can easily allow malicious actors to enter the organisation via various methods like phishing, vishing, smishing, or other attack vectors. We should ensure that all the organisation members know properly about the risk. A regular suitable training program helps to decrease the risk.

  3. The email domain plays an essential role in building a reputation with customers and potential leads for any organisation. Lack of email domain security may lead to severe damage to an organisation’s reputation and business performance. It can be through email spoofing, VEC attacks, BEC attacks, or spear-phishing attacks.

  4. Unauthorised access to sensitive machine operations and information in an organisation is harmful to the company in numerous ways. It may cause product or process from manipulation, alteration, or malfunctioning. Identity Access Management (IAM) is helpful to protect the industrial control system (ICS) of the manufacturing company.

  5. In the case of cyber attacks, incident response tools are helpful for the early detection of cyber attacks. That aids save the system from severe damage. For example, a phishing incident response tool helps report suspicious emails and eradicate malicious emails from the employees’ inboxes.

  6. One of the best practices for cybersecurity is periodically creating data backup in offline locations. It allows secure the organisation against emergencies arising from ransomware and DDOS attacks. Automatic data backup is also a good idea to establish a fast operation resume after a cyber attack. Online backups should be encrypted and on automated schedules to ensure they aren’t missed and the recent files. Multiple backup methods deliver an additional layer of protection, such as an on-site server & cloud backup.

  7. Devices are connected to the organisational network, especially in the post-pandemic era where work from home or hybrid work is the standard practice. Employees can access corporate networks from personal computer systems and mobile phones. The employee resigning from the organisation may harm the organisation. Organising and maintaining an updated inventory list of all the system-connected devices and routine review is vital to protect the internal system and information from going into the wrong hands.

  8. Malicious websites and social media present a substantial risk of delivering malware access to professional networks. Web traffic restrictions help employees only to visit trusted sites on an approved list.

Of all of the reasons it’s a clear picture how cyber security is an essential factor in any industry and especially in manufacturing industries.

Image Gallery

  • Digital / Cyber forensics

  • Cyber crime investigations

  • Nachiket Dandekar

    Founder & MD

    Sana Cyber Forensics Investigation and Data Security Services

Related articles