Languagesx
English Deutsch
Subscribe
Home Manufacturers: Approach Cybersecurity Like Your Assembly Line

Manufacturers: Approach Cybersecurity Like Your Assembly Line

cybersecurity
Managed security service providers

To combat cyberattacks, which pose a growing threat during the COVID-19 pandemic, manufacturers should take a page out of their own book and apply an assembly line approach to their cybersecurity.

More connected devices on the factory floor mean more opportunities for hackers to attack.

Even after the infamous cyberattacks of WannaCry and NotPetya that cost manufacturers millions of dollars in 2017, nearly half of all manufacturing companies still suffered a data breach in the past year. Threats are evolving so quickly that manufacturers simply can’t keep up.

But by breaking down cybersecurity into its independent parts, manufacturers can better prepare for inevitable data breach attempts.

Growing IIoT cybersecurity risks.

Despite the security risks associated with the Industrial Internet of Things (IIoT), connected devices have far more advantages than disadvantages on the factory floor.

The manufacturing industry must embrace digital transformation to remain resilient amid a tight labor market, shifting trade policies, and a global economy hit hard by COVID-19.

IIoT devices can help manufacturers improve performance, access consistent reports and insights, improve process visibility and customize their capabilities more seamlessly.

IIoT devices are particularly vulnerable to attack.

  • Many black box devices like smart sensors and programmable logic controllers (PLCs) run on outdated code — in some cases code from the 90s — with bolted-on modules.
    The decades-old code often contains bugs that put devices at risk of dedicated-denial-of-service (DDoS) attacks, or even total takeovers.
  • Additionally, many of these black box devices aren’t set up or configured by IT departments. For example, most manufacturers choose which milling machines to purchase based on how quickly they turn out parts, not how strong their firewall is. But when these devices join the connected world, they’re exposed to new threats.
  • The companies that produce connected devices often intentionally leave open a backdoor so they can more easily conduct routine maintenance. In some cases, the only way manufacturers can update a device is through USB ports, which are notoriously prone to malware transmission.
  • Manufacturers haven’t done their due diligence in training blue-collar workers, who are often not as IT savvy as those in white-collar industries. Workers unfamiliar with proper security protocol are more susceptible to phishing scams.
  • Similarly, as mobile scanning apps become more popular on the factory floor, manufacturers have introduced more opportunities for potential attacks. Most companies don’t have the capacity to manage various individual devices and apps in addition to their own technology, so personal tech often goes unsupervised.

Because IIoT devices are more susceptible to cyber breaches, DDoS attacks are common.

Think back to the 2016 attack on Dyn, a domain name system (DNS), which brought down major sites including Twitter, Netflix, Paypal and Spotify. Groups of automated harmful programs, or botnets, attacked IoT devices in what was, at the time, the largest DDoS attack in history.

Not only are the risks of cyberattacks growing, the consequences can be devastating.

According to a study conducted by IBM, the average time to identify a data breach is 197 days, the average time to contain a data breach once identified is 69 days and the average cost of a data breach in the U.S. is $7.91 million.

In the words of former FBI Director Robert S. Mueller III, “It is no longer a question of ‘if,’ but ‘when’ and ‘how often.’

There are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”

The assembly line approach to cybersecurity.

Even though data breaches are inevitable, manufacturers can still take the right precautions to decrease their magnitude and mitigate potential damage.

Think about cybersecurity like a product in your assembly line. At every stage in the process, something new gets added, until you’ve assembled the final product. But if you stop adding new pieces in the middle of the process and try to use the product, it likely won’t work properly.

Cybersecurity requires similar layers of firewalls, encryption, anti-malware, access control, and endpoint protection to best defend your IIoT devices.

Managing cybersecurity like an assembly line requires strategies for every part of the process.

  1. Education: Employees who don’t know better are some of the easiest targets for cyberattackers. But a few simple process changes can help diminish instances of breaches caused by employees.
    1. Onboarding tutorials: Teach employees what to watch out for on day one. Include a web tutorial on how to avoid phishing scams as part of the onboarding process, and follow it up with a short quiz.
    2. Frequent testing: Any employees who use devices that can get hacked should be tested frequently. Send your own test phishing messages to ensure initial training actually took hold. Employees that click the links in these test emails should be automatically scheduled to take a refresher course.
  2. Network segmentation and device fencing: To address the rise of unsecured IIoT and personal devices on the floor, manufacturers should invest in network segmentation. By splitting your main computer network into subnetworks, or segments, companies can not only boost performance but also enhance security.

    Segmentation restricts network access to approved users and gives IT teams the ability to better control, monitor and protect the flow of information. If one subnetwork gets hacked, the risk of spread and the amount of data compromised are much lower.

    Additionally, manufacturers should establish device geofencing, which provides an added layer of access control and streamlines BYOD management. These boundaries limit access to certain applications or devices and track compliance within a specific geographical perimeter.

    A geographical perimeter can also be set up as a “device fence” — to alert system administrators when company-owned devices leave the premises or the device can be set to automatically shut off access.

  3. Hiring and outsourcing: Many manufacturers simply don’t have the IT department needed to monitor and manage security risks. Often, the same person is responsible for managing both the company’s security and its network.

    These employees are usually overworked and lack the necessary checks and balances of a fully staffed IT department. It should come as no surprise then that the burnout rate is incredibly high among these professionals — adding further strain to manufacturers trying to compete in a tight labor market.

Even with the right number of IT professionals in place, every business operating in the connected world needs 24/7 security coverage, 365 days a year.

Managed security service providers (MSSPs) can fill in the gaps that IT departments can’t manage single-handedly. External specialists not only have access to a much broader cybersecurity toolkit than in-house staff, they also often cost less than hiring an entire internal team. And the savings in reduced malware infection rates are invaluable.

MSSPs provide several crucial layers necessary for an assembly-line approach to cybersecurity.

The MSSPs approach includes a perimeter defense, endpoint security, intrusion detection and prevention systems (IDPs). The MSSPs also provide security information and event management (SIEM).

When selecting an MSSP, look for a partner with:

    1. Considerable experience with incident response and use of leading endpoint protection technologies.
    2. Multiple client success stories, case studies and credible references.
    3. Breach detection that analyzes every trouble ticket, instead of just tracking trends.
    4. Experienced staff — with the proper certifications — in every time zone where you conduct business.

The pace of IIoT cyberattacks isn’t letting up anytime soon.

No, the pace of IIoT cyberattacks isn’t letting up — they’re intensifying in the wake of the coronavirus.

It’s only a matter of time before your manufacturing company is breached — if you haven’t been already.

Know that the right combination of security layers can help you detect and prevent more breaches, and recover quicker when the inevitable strikes.

Image Credit: Ivy Son; Pexels

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

tags
Mike Rulf
Editor

Mike Rulf CTO of the Americas region at Syntax and is a seasoned executive with over two decades managing large technology organizations exceeding 500 individuals supporting product lines in excess of $250M in revenue. During that time he has had continuous hands-on involvement in the design, installation, maintenance, and extension of large distributed software solutions as well as both Cloud Services and SaaS platforms. Mike also spent four years implementing information security systems for large organizations.

Related News

US awards $1.5 bln to GlobalFoundries for semiconductor production.
US awards $1.5bn to GlobalFoundries for domestic semiconductor production
Rachael Davies
Evolution of Cybersecurity
The Evolution of Cybersecurity in the Age of IoT and Cloud Computing
Faith Adeyinka
Voice Assistants for Home
How to Use Voice Assistants in Your Home
Glane Akasi
Unmasking Oospy
Unmasking Oospy: dismantling global spyware menace
Deanna Ritchie
Reshaping Business and Society
How LoRaWAN and Massive IoT are Reshaping Business and Society
Bruce Chatterley

Most Popular Tech Stories

Latest News

Little Kitty, Big City promo
Gaming

Nintendo Switch and Xbox Game Pass get ready for a rush of indie games
Brian-Damien Morgan51 mins

Indie games had quite the moment this week with announcements for both Nintendo Switch and Xbox Game Pass. New games, like SteamWorld Heist 2, are on the way, as known...

Popular TopicsArrow right.svg

AI
AI
AR / VR
AR / VR
Cryptocurrency
Cryptocurrency
Gaming
Gaming
Smartphone
Smartphone
Gambling
Gambling
Wearables
Wearables
Web
Web

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.