Mayhem for manufacturers

The pandemic has pushed everyone towards faster adoption of innovative solutions, which has brought its own set of perils … Manufacturers are struggling to deploy the technology needed to effectively manage cyber risk.

Trend Micro, a global leader in cybersecurity, commissioned independent research specialist Vanson Bourne to conduct an online survey of 500 information technology (IT) and operational technology (OT) professionals in the United States, Germany, and Japan. It found that over 61% of manufacturers have experienced cyber incidents, with most (75%) of them suffering system outages as a result. More than 43% said that outages lasted more than four days*.

“Manufacturing organisations around the world are doubling down on digital transformation to drive smart factory improvements. The gap in IT and OT cybersecurity awareness creates the imbalance between people, processes, and technology, and it gives bad guys a chance to attack,” says Akihiko Omikawa, executive vice president of IoT security for Trend Micro. “That’s why Trend Micro has integrated IT and OT intelligence and provides a comprehensive solution from the shop floor to the office. We’re helping put visibility and continuous control back in the hands of smart factory owners.”

The results from all three countries showed that technology (78%) was seen as the biggest security challenge, although people (68%) and processes (67%) were also cited by many respondents. At the same time, fewer than half of the participants are implementing technical measures to improve cybersecurity.

Asset visualisation (40%) and segmentation (39%) were the least likely cybersecurity measures to be deployed, hinting that they are the most technically challenging for organisations to execute. Institutions with a high degree of IT-OT collaboration were found to be more likely to implement technical security measures than those with less cohesion. There was a particularly big gulf between organisations with high IT-OT collaboration versus those with little to no IT-OT collaboration in the use of firewalls (66% versus 47%), intrusion prevention systems (62% versus 46%), and network segmentation (54% versus 37%).

Standards and guidelines were cited as the top drivers for enhanced collaboration in the United States (64%), Germany (58%), and Japan (57%). The National Institute of Standards and Technology’s (NIST’s) Cyber Security Framework and ISO27001 were among the most popular guidelines, while the most common organisational change cited by manufacturers in all three countries was appointing a factory chief security officer.

Trend Micro recommends a three-step technical approach to securing smart factories and keeping their operations running:

• Prevention by reducing intrusion risks at data exchange points like the network and DMZ (a perimeter network that protects an organisation’s internal local-area network from untrusted traffic and adds an extra layer of security). These risks could include USB storage devices, laptops brought into a factory by third parties, and IoT gateways.
• Detection by spotting anomalous network behaviour like multiple log-in failures. The earlier the detection, the sooner attacks can be stopped with minimal impact on the organisation.
• Persistence is crucial to protect smart factories from any threat that has evaded the prevention and detection stages.

It is clear that vigilance is key to keeping cyber perils from slipping through the cracks to manage cyber risks and prevent them from causing mayhem within your operation.

* These findings and more can be found in the report, “The State of Industrial Cybersecurity: Converging IT and OT with People, Process, and Technology.”