October 29, 2019
By: Taeil Goh, Chief Technology Officer at OPSWAT
The manufacturing industry has been at risk of cyberattack since long before the proliferation of Industrial Internet of Things (IIoT), sensors, robots, industrial control systems and other connected devices increased the attack surface exponentially. From nation state threat actors seeking to obtain intellectual property to hacktivists attempting to disrupt mission-critical services for ransom, there’s no shortage of motivations or sophisticated attack techniques at an adversaries’ disposal.
As 2020 approaches, the traditional networks and devices that power manufacturing plants 24/7/365 and connect them to the outside world remain vulnerable to cyberattack. Yet, industry is increasingly concerned with how the more contemporary supply chain threats and the many risks inherent to remote work and bring your own device (BYOD) policies can and will disrupt the operations and economics of manufacturing.
Manufacturing leaders must mitigate cyber risk by educating every employee at every level.
Such concerns aren’t without merit, as borderless supply chains lack unified cybersecurity rules and regulations for vendors to remain in compliance with and budget constraints favor partnerships with the “cheaper option” and not those with greater security safeguards that might cost a little bit more. In fact, in a study on supply chain risk, 71% of the organizations surveyed believe they do not hold external suppliers to the same security standards as their own.
More than half of manufacturing companies have fallen victim to a cyberattack in the past year despite all of the time, money and effort invested in risk mitigation, threat detection and response. From employee awareness training and technology adoption to the mandate given to many DevSecOps teams to build cybersecurity directly into new equipment – there’s been no shortage of attention paid to cyber risk.
In addition, a report from Deloitte recently revealed that 87% of manufacturing companies have a cyber incident plan, but astonishingly only 37% have it in documented and tested state. While this is disturbing, it’s not at all surprising when considering no regulations exist that mandate incident response testing with any regularity.
Interestingly, that same report also revealed that most cyber threats experienced by manufacturers were actually coming from internal employees through “phishing, direct abuse of IT systems, errors and omissions and use of mobile devices.” From this information we can infer two key takeaways: 1) employee training beyond the IT and security teams has not been sufficient enough and 2) the vast majority of cyber incidents were likely preventable.
In the next decade, the burden will truly be on manufacturers to take various steps to make all employees, regardless of role or responsibility, understand that any interaction with technology can play a role in a cyberattack. This type of educational focus will represent a change to both culture and strategy – which is never easy to deploy despite its necessity. And manufacturing leaders must do so without the overuse of scare tactics but with the goal of showcasing in a digestible manner to all employees how cyberattacks operate and how to handle them upon suspicion or confirmation.
Protecting the manufacturing sector against cyberattacks is a two-part problem. The industry must put in place better protections, more advanced security protocols and better incident response plans, but that starts with better cybersecurity knowledge across the entire workforce. Ultimately, we need to change the way everyone in the ecosystem thinks about cybersecurity. The success of the manufacturing sector relies on the steps taken by the workforce to mitigate risks – and that starts with the knowledge and understanding of the nuances that make up this sector’s cyber risk.
In the decade ahead, manufacturers cannot afford to not train each and every employee in cybersecurity – the risks are simply too great to ignore.
Taeil Goh
About the Author
Taeil Goh is CTO at OPSWAT and has over 12 years of Software Engineering experience primarily in cybersecurity, delivering enterprise products to high-security industries such as government, military, critical infrastructure, and finance. His main focus is on leading the engineering team, but he also takes on other roles including CISO, cloud architect, UX design, and DevOps. His current cybersecurity focus is on content disarm and reconstruction (CDR), DLP, dynamic analysis, static analysis, security analytics, email security, web security, and APT detection. Taeil Goh is a regular speaker at cybersecurity events and contributor to OPSWAT blogs. Taeil earned his bachelor’s degree in Computer Science from San Francisco State University. Outside of work, he loves playing tennis and he has been a student pilot for the last 4 years hoping to finish that this year.
ASME & Discovery Education: STEM Programs Prepare Future Workforce
Patti Jo Rosenthal chats about her role as Manager of K-12 STEM Education Programs at ASME where she drives nationally scaled STEM education initiatives, building pathways that foster equitable access to engineering education assets and fosters curiosity vital to “thinking like an engineer.”
Get In Touch
Google news and SEO compliant, Industry Today’s state-of-the-art digital media platform offers bespoke media campaigns that target key decision makers and buyers to achieve your marketing and promotional goals.
Contribute
Showcase your brand and promote your business to our highly targeted audience. We offer detailed Google Analytics with measurable ROI to assure success. Submit your content for review by our Editorial team who will contact you to discuss the project further.
About Us
Reach Your Targeted Audience and Grow Your Business. Learn more About Industry Today.
Contact Us
© 2024 Industry today. All Rights reserved.
