Manufacturing

Cybersecurity in the digital factory for manufacturers

Today, the manufacturing landscape is highly interconnected. Advanced technologies such as IoT, Artificial Intelligence, and cloud computing transform production environments into digital factories, driving the Industrial 4.0 revolution. These technological advancements drive much-needed efficiency and productivity to sustain businesses in today’s highly competitive environment. But they expose manufacturers to cybersecurity risks.

A single malware incident can result in downtime with significant financial and reputational implications, with a cascading impact on supply chains and operational integrity. According to Statista, the manufacturing sector saw 25.7% of the cyberattacks in 2023, the highest across industries. The global average cost per industrial data breach was around USD 4.73 million in 2022.  Considering the competitive landscape, manufacturers must prioritise safeguarding sensitive information, from proprietary designs to employee data and customer contracts. As manufacturers embrace the digital world, understanding and addressing cybersecurity threats and ensuring operational integrity is a key focus area.


Top challenges faced by digital factories

There have been around 260 data violation incidents in the US alone in 2023, spanning ransomware and malware attacks, supply chain and business disruptions, stolen customer information, etc. Manufacturers must understand that increased levels of connectivity come with more vulnerabilities. 48% of the manufacturers surveyed in a Deloitte study identified operational risks (including cybersecurity) as the topmost danger to smart factory initiatives. They noted increasing cyber incidents involving control systems that manage industrial operations. The control systems include programmable logic controllers (PLCs), distributed control systems, embedded systems and Industrial IoT (IIoT) devices and are collectively called Operational Technologies (OT). The convergence of OT, IT (Information Technology), people and processes increases the number of vulnerabilities.

Cybersecurity for manufacturers, therefore, spans three crucial areas of operation – people, processes and technology. Let’s briefly look at these.


People

The people aspect in the cyber threat landscape is an often ignored one. For example, a lack of awareness among employees is a significant vulnerability. An unaware employee clicking on a phishing mail can lock systems, resulting in downtime with other cascading effects. There is also the possibility of insider threats – maybe disgruntled employee(s) deliberately causing harm. Insider threats can happen through third-party actors or vulnerabilities in their systems and need not necessarily occur through the factory network or shop floor.

The cybersecurity strategy has to be enterprise-level. Industrial cybersecurity solutions must address the end-to-end touchpoints. People in OT, IT and shop floors may not share the same perspectives or have an enterprise-level view. Also, stakeholders in small and middle enterprises tend to have a false sense of security, believing they are too small or irrelevant to be attacked.

One way to address this issue is to ensure an organisational cybersecurity strategy by bringing all stakeholders together. Cybersecurity awareness training must be mandatory for all stakeholders, including third-party entities, with periodic audits of their systems.


Processes

Most organisations do not have an integrated approach to cybersecurity. The processes must cover IT, OT and people, and be technology-enabled. For example, to mitigate people-related risks of cybersecurity, awareness training alone may not help. What if the people deliberately want to cause harm or steal IPs and sell them to your competitors? Processes must be strengthened with relevant access control, monitoring systems and alerts.

The processes, while aligned with businesses, must also be technology-oriented. The process must consider all risks, whether business, people, or technology. Encourage employees to report suspicious activity or behaviour and have robust whistleblower programs to protect their identities. Having relevant encryptions in place with periodic audits also helps strengthen the processes. Including robust business continuity plans covering cybersecurity incidents as part of the process with backups, software updates, etc., strengthens cybersecurity initiatives. The process should also cover an updated inventory of IoT devices with the latest patches to help ensure IoT security in manufacturing.


Technology

Choosing the right technology solution in manufacturing involves many complexities. Investment decisions in industrial cybersecurity solutions must consider the sector, the size, the stakeholders, and the continuously evolving cyber threat and technology landscape. If people who do not understand the domain make the decisions, it compounds the problems. There are also instances of organisations underestimating the cybersecurity threat due to a lack of information.

Follow the security-by-design approach to ensure that the solutions implemented cover industry best practices in corporate governance, compliance, network architecture, security, and incident response. They should be holistic solutions that cover maximum cybersecurity vulnerabilities at all touch points for easy detection and mitigation.

Here are a few ways how technology helps address a few concerns effectively:
Monitor user behaviour and network activities for anomalies using data analytics to flag issues.

  1. Implement access controls and firewalls to ensure that authorised personnel access only what is required to perform their duties.
  2. Isolate the IoT devices from critical corporate networks to restrict vulnerabilities.
  3. Add filters for phishing emails at the enterprise level and enable multi-factor authentication (MFA) for critical assets.

How can Infosys BPM help?

Infosys BPM’smanufacturing outsourcing services provide end-to-end business solutions spanning business and technology strategies and organisational change management. Our solutions cover industries such as hi-tech, automobile, aerospace and defence and industrial manufacturing.


Recent Posts