Is the manufacturing industry cyber resilient?

Article 28 mai 2024 Temps de lecture: 4 min

Listen to article

0:00 0:00

By Kris Lovejoy, Global Security & Resiliency Leader at Kyndryl

The manufacturing industry is rapidly undergoing digitization in the era of Industry 4.0, with technology being increasingly embraced for tasks ranging from strategic planning to end-to-end business operations.

Companies adopting Industry 4.0 technologies like IoT and automation to improve productivity and efficiency face more potential cyber incidents. According to a recent World Economic Forum report, the increase in connectivity and data transparency in the manufacturing ecosystem has expanded the sector’s exposure to cyberattacks. This has led to the manufacturing sector being the most targeted by cyberattacks for three consecutive years, accounting for about 26% of all attacks, with ransomware comprising 71% of these attacks. If a manufacturer experienced a ransomware attack that caused a factory to shut down even for a day, it could send repercussions throughout the entire organization — it could delay orders, cause the brand to be seen as less reliable and create reasons for customers to turn to competitors.

Many manufacturers face cybersecurity-related regulations and guidelines around the world, such as the NIST Cybersecurity Framework in the U.S., the NIS2 Directive and the Cyber Resilience Act in the European Union that aim to protect critical business processes and data. Compliance with these regulations can be challenging and expensive.

Between the increasing threat of cyberattacks and growing regulatory pressures, manufacturers must prioritize cyber resiliency. Here are four strategies that the manufacturing industry can implement to enhance cyber resilience.

1. Identify the minimum viable company

For manufacturers, the tolerance for operational downtime is very low and ensuring the business remains up and running is vital. It is critical to identify the assets that power the minimum viable company — or the bare necessities an organization needs to run critical business processes and the key systems and data that support them.

To be cyber resilient, manufacturing leaders must identify the most critical systems that are vital to operations. This could range from the systems that power the factory floor to the systems that power the supply chain required to obtain raw goods. These assets need to be protected at all costs. Additionally, it’s necessary to focus on time to recovery of the assets and determine the minimum amount of downtime that can be allowed for recovery systems to do the job. Once these foundational principles are determined, manufacturers can partner with experts to apply the right resiliency principles to the enterprise, such that the data and systems are always available and can be recovered reliably within the mean time to recovery.

2. Create a plan to retire legacy assets

Because manufacturers rely on legacy systems to run their operations, it is important to regularly inventory assets and see what needs an update. Outdated systems can have problems, such as no longer receiving critical patches — making them more vulnerable to bad actors. They are also less reliable because they are handling more workloads than they were designed for.

For three consecutive years, the manufacturing sector has been the primary target of cyberattacks, accounting for approximately 26% of these incidents. | Source: Building a Culture of Cyber Resilience in Manufacturing, World Economic Forum report

Ransomware attacks on industrial organizations rose by almost 50% in 2023, with 71% of the attacks targeting manufacturers. | Source: Building a Culture of Cyber Resilience in Manufacturing, World Economic Forum report

3. Conduct third-party risk management assessments

The manufacturing sector has a complex partner ecosystem that poses several potential cyber and compliance risks. If a third-party vendor can no longer supply critical inputs needed to produce goods by the manufacturers, operations could halt. The business could also be significantly impacted. It’s crucial to align the vendor risk-management strategy with the business objectives and consistently update the risk register and risk reporting. Have a map of the dependencies of third parties, as well as plans to obtain the necessary inputs if and when those third parties cannot provide the input.

4. Build a holistic culture of cyber resilience

Most cyber incidents can be traced back to a human being who made a mistake, inadvertently abetting the threat actor. Generative AI heightens the risk of successfully manipulating these inadvertent actors by enabling realistic and sophisticated phishing attacks. It also provides threat actors with opportunities to craft malware that can more successfully evade common controls.

Continual focus on cybersecurity awareness is critical to organizational safety and responsibility. Awareness and understanding must evolve as attacks become more frequent and sophisticated. By fostering a culture of cybersecurity awareness and healthy skepticism, organizations empower employees to navigate the ever-changing threat landscape and remain cyber-safe.

These strategies can help the manufacturing industry protect itself from cyber threats and achieve cyber resiliency and success in the digital age.