Blake Moret, chief executive officer of US-based provider of industrial automation and digital technologies, in a recent article published by the World Economic Forum, said a cyber attack on a manufacturer can have significant knock-on effects that can even spread beyond the industry to other organizations along the supply chain.
“The global spread of manufacturing production facilities creates complex supply chains in which producers are also often consumers. Manufacturing is also inherently intertwined with other sectors such as logistics, energy and information technology. And so, any disruption to the manufacturing process can cascade throughout many other sectors—and around the world,” he said.
Moret further shared that heightened connectivity and data transparency has made manufacturing the most targeted sector for cyber attacks for three years in a row. It now accounts for 25.7% of attacks, with ransomware involved in 71% of these incidents.
However, he also noted how the manufacturing sector faces challenges building cyber resilience. Chief among these is the cultural mindset gap between enterprise and industrial environments, with the latter often prioritizing physical safety over cyber safety.
Technical challenges are also a major barrier. Outdated legacy systems and connected assets within industrial control systems have left many manufacturing organizations unprepared to repel sophisticated cyber threats.
Manufacturers are also often reluctant to take factories offline to make upgrades in security or deal with cyber attacks, said Moret.
Additionally, manufacturing is influenced by external forces such as the global inflation and rising energy costs, which add to manufacturers’ hesitancy to make improvements.
Another complication is that manufacturers must navigate various regulations and industry standards concerning human and product safety, data protection and cyber security.
Moret said that regardless of these complexities, the manufacturing sector must deal with cyber challenges so it can explore new technologies in a secure manner. He outlines three cyber resilience principles that companies can apply to their operations:
• Make cyber resilience a business priority. This principle emphasizes the need for cultural change and a comprehensive cyber security governance. It also covers the importance of securing budget and resources, while also creating incentives to ensure that cyber security is an objective embraced by all stakeholders.
• Drive cyber resilience by design. This means integrating cyber resilience into every aspect of processes and systems. A risk-based approach must be used to incorporate cyber resilience into the development of new products, processes, systems and technologies.
• Engage and manage the ecosystem. This principle underlines the importance of fostering trusted partnerships and raising security awareness among stakeholders. Rather than having one organization exert control over a supply chain of other actors, an ecosystem approach involves encouraging all entities in a business network to collaborate to address issues like cybercrime.
August 27, 2024