No industry is immune to cyber attacks. According to the 2017 IBM X-Force Threat Intelligence Index, the manufacturing sector was the second highest industry that experienced cyber attacks in 2016. The recent WannaCry ransomware attack is just one revelatory example of rising cyber crimes and the increasing velocity, magnitude, and scope with which hackers carry out their craft.
In the 2017 WannaCry ransomware attack, over a hundred countries were affected – Microsoft Windows users were targeted using the WannaCry software. This rendered computers locked, with a demand for $300 to restore data and files. Included in this attack were two major car manufacturers, Dacia, owned by the Renault group of France, and Nissan. Renault was forced to temporarily stop production at several sites while Nissan's UK manufacturing plant reported no major impact on its operations.
The potential impact of cybersecurity attacks to manufacturing goes beyond financial losses. These unwanted activities attract regulatory sanctions, risk customer or partner lawsuits, cause reputational damage, and can create a ripple effect that leads companies to bankruptcy. If you're looking to strengthen your cybersecurity strategy (which is a wise decision), consider the following cybersecurity tips for manufacturers:
Tip #1: The cybersecurity journey starts with people
Making people aware of cybersecurity best practices is one of the most important cybersecurity tips for manufacturers because operational processes, machines, and other manufacturing assets are run by them. Manufacturing organizations need to assign employees who have the specialized skills and training in operating industrial control systems (ICS) and the dedication to protect the infrastructure. If such talent is not available within the organization, outsourcing is a viable alternative.
Other company stakeholders such as suppliers, vendors, partners, and investors should also be made aware of these best practices.
Anyone who you do business with can become a potential cybersecurity threat. One such example was the Target data breach in 2013 where hackers stole the data of more than 100 million customers through a vulnerability in the refrigeration system provided by a third party.
Tip #2: Firewalls are never enough
Firewalls are good, but they should be complemented with encryption, anti-virus systems, strong passwords, security updates, and intrusion detection systems.
Moreover, firewalls are fine within networks with the same level of trust. But when you move between different levels of trust, you need something stronger. For example, if you want to transmit information between the manufacturing network and the IT network, or between the security network and the manufacturing network, unidirectional security gateway technology can help control the flow of information in one direction while blocking the other direction to prevent intrusion.
Tip #3: Secure the Industrial Internet of Things (IIoT)
The industrial internet of things is part of a larger internet of things infrastructure – it’s a shared network of intelligent devices and computers that circulates data in real-time. For most modern manufacturing companies, IIoT holds the promise of significantly improving production – from the big machinery on the plant floor to the wearables, mobile devices, sensors, and other wireless devices down the supply chain. Every step of the process has the potential for a fully optimized system.
While this is an amenity for competitive advantages, however, IIoT is an added door to cybersecurity vulnerabilities if not properly protected. Manufacturers need to provide the same protection to all of their IIoT resources in exactly the same way they do with their ICS and the entire network. For example, the way you send and receive data needs to be standardized with access protocol for optimum interoperability between systems – across the supply chain, production floor, and beyond.
The goal here is to achieve transformative change, but you can’t do that with cybersecurity issues. Consider implementing short-term projects to assess your security, and make sure the right people have access to the proper data (and don’t have access to the things they shouldn’t).
Tip #4: Continuous monitoring is continuous security
Continuous monitoring is a proactive security strategy that actuates real-time detection and response to an attack on any system. An indispensable partner of monitoring is record-keeping which helps you determine whether or not there was an actual intrusion, the scope of the intrusion, and the extent of the damage, if any. Monitoring and recordkeeping are not just about counting how many incidents, alerts, advisories, and updates the company has gone through, but analyzing their true impact on cybersecurity.
Tip #5: Do vulnerability testing
After assessing where the risk areas are, simulations in the form of cyber attack drills can be run to ensure that security measures in place are working and effective. It would be ideal to run tests in the same way that hackers would do them. Your vulnerability testing should not just be an afterthought or a one-time thing; it should be done whenever there are changes or new features to be tested.
Making Manufacturing Bulletproof Against Cyber Attacks
The threat landscape in manufacturing continues to increase. You can be proactive and initiate preventive measures in your manufacturing company now, or you can risk being attacked and risk having sensitive customer data confiscated from you.
Although there are many more defense strategies against cybercrimes, we hope that the foregoing cybersecurity tips for manufacturers will be of help to you. Security is never finished, and this is especially true with today’s technology landscape.