Authored by: Kerrie Jordan, Director of Cloud Product Management at Epicor Software
Cybersecurity and compliance challenges are nothing new for the manufacturing industry, but with connected, smart factories becoming the norm, the resulting reliance on technology to drive operations has made the sector a much more lucrative target for cybercriminals in recent years.
The Internet of Things (IoT) promises great productivity and efficiency gains for manufacturers, but it also increases the risk and vulnerability of data and mission-critical operations if the right defenses are not in place. As more and more processes become automated or underpinned by connected devices, the potential for cyber-risks to infiltrate the network is a very real issue for every manufacturer today.
The changing nature of risk
It’s not just businesses that are reaping the benefits of the smart factory. Cybercriminals are finding ever more sophisticated and manipulative ways of infiltrating company networks, to achieve financial gain or disrupt operations.
According to research from F-Secure, cyberattacks on IoT devices surged last year, increasing by a staggering 300%. Given that every new connected device or tech-based process brings an additional point of vulnerability within a network, for cybercriminals to potentially gain access and disrupt production lines, leak confidential data, or worse, manufacturers need to ensure proper safeguarding processes are in place.
The impact of any breach or downtime—whether it’s a process on the factory floor or a back-office system—can have significant financial and reputational consequences. One such example is Colorado-based manufacturer Visser Precision, which makes parts for companies including Tesla, Boeing, SpaceX, and Lockheed Martin. It publicly suffered a data breach in early 2020, at the hands of a DoppelPaymer ransomware attack, which led to confidential files and customer details being stolen and available for download.
With manufacturers increasingly moving away from on-premise solutions and towards leveraging the computing power of the cloud, the issue of data security should be approached differently to what has traditionally been the case. Cloud platforms that are best-in-class will help reduce breach risks, but organizations must be wise not to take it for granted. Breaches could well happen where companies are running their own clouds without the proper controls. Phishing scams also become prominent is cybercriminals can use them to take advantage of email servers that have been deployed on the same networks as business application servers. With intellectual property, as well as confidential company and customer data, travelling across a network and being stored in the cloud, manufacturers must ensure they keep cloud solutions safeguarded from email systems, so that cloud adoption doesn’t come at the expense of data security or human error.
As well as the risk of unplanned downtime and reputational damage due to a data breach or halt to operations, innovation in manufacturing is also grappling with stricter compliance measures when it comes to personal data security. The introduction of GDPR has seen huge fines being issued to those companies suffering a breach, with similar regulations coming into force more recently around the globe to tighten up data misuse.
The people problem
In addition to the vulnerabilities associated with smart factory technology and the interconnected nature of manufacturing today, actions of individuals themselves can also be a huge area of risk. Despite phishing attacks and other social engineering methods having been around for a long time, they are still causing a big problem in the industry and continue to threaten the security of mission-critical data and systems.
According to the 2019 Data Breach Investigations Report by Verizon, phishing attacks remain the number-one cause of data breaches, particularly in the manufacturing sector. In the first half of 2019 alone, more than 4.1 billion records were compromised, with attackers hoping to gain trade secrets, compromise personal and financial data, or even disrupt manufacturing processes.