As we enter deeper into 2023, the manufacturing sector is ripe for digital transformation. Industry 4.0 technologies such as automation, artificial intelligence, robotics, and smart devices are behind this move, with companies seeking improved productivity, lower production costs, and product innovation. A 2021 MPI study into Industry 4.0 says of digitization in the industry, “it is not a case of if [manufacturers] should digitize, but when: digital laggards are falling behind digital leaders, and the gap is widening.”
The MPI study proclaims that manufacturing must take advantage of the digitization of processes; one of the conclusions was that manufacturers should
"Digitize processes to facilitate widespread information sharing (with suppliers and customers) and to establish automate, proactive decision-making on the plant floor."
Digitization is a positive force in the sector, and many success stories highlight this. A McKinsey report on the digitization of manufacturing processes describes a 60-year-old US Schneider Electric plant that, after undergoing a digital transformation, experienced a 20% increase in customer satisfaction and a 26% reduction in energy costs.
However, digitization is a challenge in an industry already disrupted by geopolitical and supply chain problems. Cybersecurity is another area that is placing manufacturing under pressure. According to a CGI report, 69% of manufacturing executives say they “face cybersecurity challenges in implementing their digital transformation strategies.”
There is a delicate balance between opening systems and processes to the needs of digital transformation while continuing maintain a secure environment. Manufacturing organizations are increasingly a target for cybercrime, as they rely on a connected infrastructure that merges Operational Technology (OT) with Information Technology (IT) and creates new doorways for attackers where previously there were none.
Evidence for systemic vulnerabilities is presented in research such as Fortinet's 2021 State of Operational Technology and Cybersecurity Report, which revealed that 90% of organizations had at least one OT system intrusion incident. According to the same report, 42% of intrusions came from insiders, with access control being a crucial factor.
The industry recognizes both the need for digitization and the looming threat of cyberattacks: A survey by Make UK found that 91% of manufacturers "intend to invest, or are already investing in digitisation." However, 35% of these companies said that cyberthreats prevented full investment in digitization. The report also warns that as digitization progresses, cybersecurity risk will “deepen and broaden,” with 45% of respondents believing they do not have the right tools to address cyberthreats.
Additional evidence for the explosive growth of manufacturing-focused cyberthreats comes from the 2020 IBM Security X-Force Threat Intelligence Report Index, which reports no less than a 2,000% increase in cyber incidents affecting OT infrastructures.
One of the key security challenges that manufacturing must deal with is the supply chain. Automobile manufacturers are a case in point; according to McKinsey, this sector alone has 250 tier-one suppliers and over 18,000 suppliers across the entire value chain.
Supply chain attacks have seen a surge in recent years, particularly since the start of the Covid pandemic. A BlueVoyant 2021 survey found that almost all firms (97%) had been "negatively impacted" by a cybersecurity breach at a supplier.
The 2021 Verizon Data Breach Investigation Report (DBIR) analyzed the patterns of attack in manufacturing. The areas of attack focus shine a spotlight on the human operator:
Basic Web Application Attacks
Together these areas represent 82% of breaches. Social engineering and phishing are amongst the tactics used to intrude into manufacturing systems and their expanded networks. The DBIR report emphasizes that the human element, including both employees and non-employees, pose the most significant vulnerability to organizational security.
Ransomware is another serious concern for manufacturing, with 36% of manufacturing firms suffering a ransomware incident, according to a report by Sophos. The same study points out that almost half of firms unaffected by ransomware expect to be a victim in the future.
Data protection and cybersecurity regulations in the manufacturing industry provide frameworks to help alleviate cyberattacks. But these regulations can also create hurdles to digitization, requiring cybersecurity measures and processes to filter across the entire organization as well as its supply chains. Specific examples in the sector include:
International Electro-Technical Committee (IEC) 62443 “Security for Industrial Automation and Control Systems
Adopting a zero-trust approach to security can make it easier to meet these regulatory requirements and keep your digital transformation plans on track.
The manufacturing industry is a mix of disparate infrastructures, supply chain firms, customers, and global support teams, all needing access to IT, OT, and SCADA systems. Visibility into devices, people, and data is vital to securing an expanded manufacturing infrastructure; but not every user or device requires the same level of access. Identity-based zero-trust access provides a mechanism to implement a culture of “never trust, always verify.”
Implementing zero-trust access benefits manufacturers in the following ways:
Visibility: Manufacturers have massive real estate to control. Visibility across people, devices, and data are vital to ensuring the continuous protection of assets. The zero-trust model provides granular control and always-on verification.
Secure access control of data: End-to-end encryption and data flow control protects across different infrastructures. In addition, with a true zero-trust access platform like Cyolo, customer data is never allowed to leave a secured environment.
Continuous authentication: Control must be performed using an always-on authentication approach for persistent protection.
Insider threat protection: Insider threats can be both malicious and accidental. Always-on risk-based checks, powered by identity, enforce granular policies to deliver zero-trust access control and limit the ability of insiders to do damage.
Supply chain access control: Massive supply chains create a large attack surface for manufacturers to control. The zero-trust framework enforces privileged access management and minimizes this attack surface.
Regulations and compliance: Supervised access and session recording added an extra layer of security and provide evidential weight for auditing and regulatory compliance.
The ongoing connection of manufacturing environments appears to be inevitable, but keeping these critical environments secure does not have to be painful chore. Cyolo provides a simple way to prevent your worst access nightmares. Using the zero-trust access methodology, every door to the manufacturing environment is hidden, all access keys are thrown away, and you get the control you need to securely enable your business.
Jennifer Tullman-Botzer is a cybersecurity nerd by day and a history nerd by night. She has over a decade of experience in cybersecurity marketing and is as tired as you are of hackers-in-hoodies stock images. Jennifer joined Cyolo in 2021 and currently serves as Head of Content. Prior to Cyolo, she worked in a variety of marketing roles at IBM Security. She lives in Tel Aviv, Israel.