September 11, 2019
By Tracie Sokol, Vice President and General Manager, Business Imaging Communications Group, Canon U.S.A.
Successful digital transformation is often seen as the X factor that separates companies that are thriving from those that are lagging behind. While it’s arguable that adopting the latest technology and processes is critical for growth, some organizations overlook an important implication: more sophisticated technology can also mean more sophisticated vulnerabilities.
The manufacturing sector is no exception. As manufacturers increasingly adopt IoT technologies to generate more efficiency across the floor and increase remote access, they can also become susceptible to new threats that are constantly evolving. Because of this, these businesses must remain cognizant of both the benefits and the potential costs that come along with implementing new solutions that can help them increase operational efficiencies, lower costs, and deal with the digital migration of industrial systems.
Canon U.S.A.’s latest Office of the Future Survey, conducted by global tech market advisory firm ABI Research*, identifies the biggest security challenges that IT professionals across multiple industries are facing in business – from specific threats that threaten to derail organizational processes to growing gaps in their organizations’ cybersecurity agendas. In fact, all IT professionals in manufacturing organizations reported being the victims of a cyberattack during the past year alone; those attacks involved compromised devices, web-based vulnerabilities, and malware and ransomware.
So exactly what, or who, are manufacturers up against? Where are they focusing their efforts? Here’s what we found.
Keep Your Friends Close, and Your Employees Closer
The manufacturing industry hasn’t always been thought of as akin to a bank full of highly sensitive information, but cybercriminals are increasingly taking notice of the data goldmine. In fact, all manufacturing IT professionals surveyed confirmed experiencing a cyberattack from malware and ransomware, cryptojacking, compromised devices, social engineering, cyberespionage, software/web-based vulnerabilities, or Distributed Denial of Service (DDoS) over the past year.
While the chances of a cyberattack are understood to be high, it’s still hard for people to predict the nature of a specific attack. Widespread stories of data breaches lead some people to think of a hooded, silhouetted figure tapping into a company server from a far-away fortress, but IT professionals say the biggest threat sits within the walls of the company. More than one third (39 percent) of manufacturing players surveyed identified the most likely culprit of cyber threats to be malicious insiders followed by human error (29 percent).
While on the surface this finding may feel discouraging, it presents a big opportunity for manufacturers to revisit their cybersecurity training to see how they can better equip employees with the tools and knowledge needed to help identify and try to limit the chances of a cyberattack. Additionally, by uncovering threats stemming from within an organization versus externally, IT professionals can focus on implementing protocols to help combat potential attacks that are triggered by the “human element,” in addition to software security and hardware specifications.
As more organizations tap into the global market, international regulations have become a hot issue. U.S. manufacturing companies, small and large, have a duty to adhere to regulations based on the regions in which they operate.
While compliance with these regulatory measures are deemed by many as a way to help place security features around data, Canon’s research indicates that manufacturers have mixed feelings about the impact of these regulations: 69 percent of manufacturing respondents say external regulatory measures, like the General Data Protection Regulation (GDPR) implemented in 2018, have had a negative or very negative impact on their organization. As we look to 2020, it appears that compliance with security regulations will continue to be a challenge for manufacturers.
Head (and Wallet) in the Clouds
The cloud has quickly become a permanent and almost mandatory investment among companies, yet it still remains a mysterious entity for some. That hasn’t stopped cloud integration in to most of our personal lives, as well as enterprise technology ecosystems. The cloud is most often marketed as a storage-saving and a collaboration solution – but it can also serve as a hub for proprietary information, assuming that organizations put the right protectors in place.
It appears that manufacturers, specifically, understand the importance of protecting the cloud. Our survey found 62 percent of manufacturing respondents rated cloud security as the top cybersecurity investment for the coming year. Yet, only 25 percent said their organization is competent when it comes to cloud security technology. This underscores a critical issue that is shaping cybersecurity, as well as larger digital transformation, discussions: while it’s encouraging that companies are implementing new tools and protocols, if those within an organization have not been educated on how to manage it, the security framework of an organization may still be jeopardized.
The Financial Reality of Breach
Despite regular news stories of devastating cyberattacks, there appears to be a lack of understanding around the financial ramifications of a data breach. A whopping 94 percent of manufacturing IT professionals surveyed estimate that the financial damage of a cyberattack equates to 50 percent or less of annual revenue. However, the hard truth is that these costs can easily range between one to seven years – or more – worth of annual revenue, depending on the nature, size and scale of the breach, according to ABI Research.
This disconnect may also explain why 41 percent of manufacturing respondents say their dedicated cybersecurity budget is 5 percent or less of their overall budget. Understanding the full potential financial impact of a cyberattack may entice manufacturers to evaluate and increase their current security investment for 2020 and into the future, as cyber threats become more and more pertinent.
There are a lot of factors for manufacturers to consider when thinking about their cybersecurity agendas. Inevitably, organizations may need to increase their investments in security hardware, software, and employee training sooner rather than later so that they can be equipped for the next frontier of the digital workplace. Those organizations that get a jump start on safeguarding their enterprise can help set themselves up for long-term success.
*ABI Research collected the data from 1,015 respondents through an online survey conducted in April 2019. Respondents included IT decision-makers at the manager-, director- or C-level, from a full spectrum of U.S. companies, ranging from 500 to 5,000 employees, across multiple industries including Financial, Retail, Government, Manufacturing, e-Commerce, and Media, among others. The survey included 20 questions comprised of Likert-type, rating scale, rank order, and multiple-choice questions with additional options for open-ended answers.