The acceleration of cloud computing and the adoption of the Internet of Things (IoT) in the supply chain has created new opportunities and attack surfaces for cybercriminals to target. As manufacturers and suppliers connect their systems and applications together via the network, protecting the supply chain will require new security controls and best practices, enabling manufacturers to navigate through today’s ever-shifting supply chain landscape.
Below are key practices for protecting the supply chain against the next cyber threat that will ultimately help manufacturers successfully adapt, develop new products and services and increase profitability, while maintaining a competitive advantage.
Analyzing 5G opportunities
The arrival of 5G technology is powering smart factories, allowing more supply chains and manufacturers to innovate with connected devices sensing their environments and operating interdependently. The benefits of adopting 5G are vast and offer lower latency, more intelligent infrastructure, increased bandwidth capability and faster computing time to help companies make decisions quicker than ever before. Since manufacturing plays a key role in the global economy, every manufacturer can serve as the catalyst for companies in other industries including transportation, retail, healthcare and many others.
As suppliers and manufacturers continue to innovate and adopt 5G, they must take this opportunity to reassess their cybersecurity initiatives, analyzing the devices that will connect to this faster and more efficient network, and identifying any preexisting cyber risks. In fact, a recent study found that 54.6% of manufacturing and supply chain companies noted that securing 5G will require increased engagement across the organization, adapting additional security practices.
Integration of Zero Trust Principles
Security principles and practices are not often taken into account when manufacturing products are designed. They are often an afterthought, or worse, only a priority because of a data breach, which can cost a company millions of dollars. IoT devices in the manufacturing industry are an attractive entry point for adversaries since they often have a longer shelf life, lower security levels and are unable to be updated or patched on a regular basis without pausing all operations. However, the data that can be exploited from one of these devices is extremely sensitive, threatening critical infrastructure along with the health and safety of consumers.
Zero Trust principles can play a critical role. Companies that have implemented these principles accept the idea that there is no trust granted to assets based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned). By implementing a Zero Trust framework, manufacturers can identify supply chain weaknesses across the creation, manufacturing, testing and delivery of products, without halting or disrupting operations. In fact, a number of business leaders have already implemented Zero Trust. Our research found that 31% of respondents have completed implementing a Zero Trust architecture, while 35% are still in the process of doing so. While 21% are researching Zero Trust architectures, there is more work to be done to help manufacturers continue this adoption process.
Continued education and collaboration
Before working on particular security processes and considerations, it is important to establish the relationship between IT and business leaders since security must be built into every process, product, and experience across the supply chain. Business leaders need to work with IT leaders to understand that the security of supply chain data is vital to business continuity. This partnership starts with business leaders having the same knowledge and understanding of potential cyberattack scenarios. The phrase, “this is an IT problem,” is no longer the case since it’s now every business leader's problem to solve. As we saw with the security incidents in 2020, cybersecurity has moved from a technical issue to a business enabler. This shift will continue to help develop this partnership between IT and business leaders.
By working together, IT and operational technology (OT) teams can also better determine the balance of priorities between the two in order to successfully protect the data that may be exploited on IoT devices. It’s important for companies to have visibility across all types of connected devices including OT, IT and IoT. Digital transformation and the need for business agility are creating increasing co-dependence between IT and OT. With cybersecurity, this convergence can result in a widely expanded attack surface.
Establishing a shared responsibility model
Creating a more integrated security strategy across the business is much easier once the partnership between business leaders, IT and OT teams is established. Employees, customers and supply chain partners must understand that both their physical and digital assets are all targets for cyberattacks. After that realization, they can better recognize their role and the shared responsibility to help protect those assets.
Defining the ownership between a security team’s responsibilities and those of employees, partners and customers will help reduce the potential of adding new vulnerabilities into your supply chain, especially when utilizing new IoT devices. The transformation to this shared responsibility model helps provide that everyone is working together to protect the business and ultimately the security of the supply chain as a whole.
Over the past year, the industry has seen an acceleration in digital transformation initiatives. Manufacturers have quickly evolved in order to adapt physical systems to automated and data-driven processes across their supply chain. With a newly expanded attack surface, we cannot under-rate the importance of protecting the supply chain. Through new 5G initiatives, collaboration, a shared responsibility model and Zero Trust principles, the security of supply chains will strengthen as manufacturers continue to innovate.