Securing Manufacturing During Supply Chain Disruptions

To meet increasing demand, manufacturing companies are prioritizing speed of production over necessary security modernization, creating a window of opportunity for cybercriminals to find vulnerabilities and launch attacks.

As supplies continue to run slim and companies and consumers face global shipping delays during COVID-19, the manufacturing industry is facing significant pressure to produce faster to meet these growing demands. At the same time, a major labor shortage has forced nearly half of all manufacturing executives to turn down business opportunities. As a result, 2.1 million manufacturing positions in the U.S. alone could remain unfilled by 2030.

To meet increasing demand, manufacturing companies are prioritizing speed of production over necessary security modernization, creating a window of opportunity for cybercriminals to find vulnerabilities and launch attacks. In 2021, manufacturing was the industry most commonly targeted by hackers in North America, making up 28% of all attacks.

How can the industry strike a balance between operational needs and security? Here are four ways manufacturing organizations can strengthen security processes within their operations.

Operational and informational technology threats

With legacy technologies largely still in use across the sector and a short supply of dedicated security professionals within the industry who know how to securely integrate Operational Technology (OT) with Information Technology (IT) systems, cybersecurity has long remained a risk for manufacturers.

OT is the hardware and software used to monitor assets, processes and events in manufacturing, whereas IT is used for data computing. Traditionally, these technologies have been managed separately, but they are converging more and more in today’s digital world. 

With the rise of the internet, cloud and Internet of Things (IoT), devices are more connected than ever before, becoming one of the most important technologies in this century. Manufacturers must continue to improve their once ‘air-gapped’ OT systems to integrate with IT. The OT/IT integration can help manufacturers build resilience through enhanced testing during the development, implementation, and operations of systems.

However, many OT systems were never designed for this level of connectivity or remote accessibility, and as a result, this often increases risks.

To mitigate these risks, the industry must bring the same mindset to protecting OT that it applies to traditional IT systems. For example, manufacturers need to ensure they are segmenting systems and information based on a schema. Strong authentication methods that limit capabilities can help secure the behavior of systems and applications.

Adoption of robotic process automation

Manufacturers are also increasingly adopting robotic process automation (RPA) to improve business management operations through active, smooth-functioning bots. If done right, RPA provides better visibility and detection of anomalous behavior or activities. It acts as a force multiplier, automating larger tasks so humans can focus on the more difficult areas.

For example, based on the anomalous behaviors, RPA can take actions centered on the threat, risk and impact quicker than a human, which can reduce overall risks. RPA can also alert staff of situations while providing analysis of the situation, resulting in a more focused response and reduced false alerts. This can ultimately decrease the time security teams spend responding, so they can focus on only the most critical threats first, while removing the chance of error.

However, RPA comes with risks, especially considering the quick setup many organizations might have undertaken to support remote access at the beginning of the pandemic. If shortcuts were taken, organizations may not have gone back and re-evaluated what they were tasked with securing, leaving unsecured loose ends.

It’s vital that RPA is set up correctly, as it can help reduce time spent on tasks by securely automating management and monitoring of processes.

Protecting against third-party vulnerabilities

Another source of risk is third-party vulnerabilities. Organizations often rely on third parties to develop code and applications, but don’t check who they are and how their processes, code and applications function. This is where a zero-trust architecture can help, so organizations can verify what is in their architecture, who/what has access, why they need access, and how they are accessing it. When that is not operating as designed, security teams will have actions in place to stop it.

By limiting authorization and access, organizations can have a complete understanding of their environment, so they know the status of their data regardless of whether it’s managed by a third-party vendor or not. As organizations look to partner with third parties for development, they must get to know them to gain an understanding of their cyber policies and ensure they have like values.

Impact of connected IoT devices

Modern manufacturing organizations are also adopting more 5G Internet of Things (IoT) devices and sensors. Connected IoT devices can improve efficiency in production operations, but also bring risks through more connectivity and an expanded attack surface.

A common recommendation to combat the current threats in manufacturing is to limit the number of connected IoT devices. Organizations need to ask “How?”, “When?”, and “Where?” as they establish processes to incorporate IoT into their environment. Much like managing third-party risk, zero trust can be a great solution to control who is accessing what device to ensure security without limiting the adoption of IoT. While these connected devices support the remote operation of equipment, improve efficiencies, and lower costs, organizations must properly control their processes to maintain security.

Strengthening the future of manufacturing

The level of complacency is increasing when it comes to establishing the resiliency of supply chains, and there is a heightened focus on producing faster to meet growing demands, creating room for cybercriminals to attack.

Although these modern technologies are meant to aid in preventing cybersecurity attacks, they may also be working against an organization’s originally intended operations, creating setbacks. To better secure these operations, it is important that organizations take a step back to reassess and develop a game plan.

Cybersecurity should be part of every manufacturer’s organizational culture, and employees must understand that they are part of the solution to protect information, systems and operations from irreparable damages.