Manufacturing executives concerned about cybersecurity protection

Manufacturing executives lack confidence their assets are protected from external threats, a study by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI).

By Gregory Hale, ISSSource December 23, 2016

Manufacturing executives lack confidence their assets are protected from external threats, a study by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI).

Due to the growing severity and sophistication of cyberattacks, 52% of surveyed executives are either very confident or extremely confident their organization’s assets are protected from external threats, leaving 48% of manufacturers somewhat confident or less.

On top of that, nearly 40% of manufacturing companies ended up affected by cyber incidents in the past 12 months, and 38% of those that felt the effects indicated cyber breaches resulted in damages in excess of $1 million, the report said.

The findings illustrate manufacturers have a keen awareness of the present and future risks their organizations face, and have opportunities to fine-tune their strategies to address what lies ahead.

"The pace and impact of innovation, coupled with cyber security risk, creates a risk environment that must be carefully managed," said Brian Clark, partner, Deloitte & Touche LLP, and co-author of the study. "Product innovation can rapidly make existing products obsolete, potentially delivering considerable value to the innovator while leaving the unprepared facing competitive disadvantages. Further, technological innovation enables the manufacturing business model more, but can present a strategic risk as well. For manufacturers to thrive amid the ever-changing risk landscape, a company’s risk assessment practices should align with those changes."

Manufacturers noted the top motives of cyberattacks to be financial theft, intellectual property theft, and targeted attacks on senior executives for financial gain or access to company strategies or investments.

These manufacturers reported that in the past 12 months, the highest number of incidents originated within the organization (46%), while 39% came from external sources and 15% originated from vendors and business partners.

Persistent threats

Top threats arising from within the organization include phishing/pharming (32%), direct abuse of information technology systems (25%), errors/omissions (26%), and use of mobile devices (24%).

"Organizations should establish a risk assessment program that fits into its unique culture and risks," said Les Miller, internal audit council director and deputy general counsel of MAPI. "Since change is constant and can occur suddenly, ongoing efforts to enhance the sophistication and variety of risk assessment techniques are needed."

Industrial control systems operate highly automated manufacturing processes where employee safety, environmental protection, and operational efficiency are of paramount importance. Yet, 50% of surveyed companies indicate they perform vulnerability testing for industrial control systems less than once a month and 31% have never done an assessment.

These are essential tools for identifying and mitigating cyber risks on the shop floor and clarifying organizational responsibilities between IT and operational technology employees. By implementing technologies to provide automated 24/7 cyber threat monitoring, manufacturers can become more vigilant in protecting critical manufacturing operations.

Increasing reliance on technology-enabled connected products brings a new set of risks to manufacturers. Among executives surveyed, 45% said their organization uses mobile applications and 35% cited sensor controls. However, 40% of respondents said they have not yet incorporated connected products into the company’s cyber incident response plan.

Planning ahead before a breach occurs—so the entire organization is prepared to respond and quickly neutralize threats—can help companies become more resilient.

Leading companies design security into connected products and integrate them into the cyber program from the start.

"Company leadership needs to understand their comprehensive cyber risk profile to appropriately allocate resources to mitigate risk," said Stephen Gold, president and chief executive at MAPI. 

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information Website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource.com. Edited by Chris Vavra, production editor, CFE Media, Control Engineeringcvavra@cfemedia.com.

ONLINE extra

See additional stories from ISSSource about the IIoT linked below.

Original content can be found at www.isssource.com.