Manufacturing is undergoing some major changes and turning toward a digital transformation. Technology is becoming more intertwined with one another thanks to the Industrial Internet of Things (IIoT) and other concepts are bringing everything together. The world is heading toward a digitalized future. With these changes, though, come new risks, particularly on the cybersecurity front, which was explained in the presentation “Cybersecurity – Solutions for operational resiliency,” at Hannover Messe 2021 Digital Edition.
“All companies want to leverage digital solutions in the digital transformation journey,” said Tom Marshall, global cybersecurity marketing manager, Schneider Electric. “To do that, companies need to address cybersecurity. Cybersecurity is the foundation for digital transformation.”
Recognize need for cybersecurity in 6 ways
Many companies either don’t realize the risks and are leaving themselves open to attack. Marshall cited some alarming stats including:
- A ransomware attack occurs every 14 seconds.
- Almost 50 days typically pass between breach discovery and reporting dates
- More than 90% of malware is spread by email.
- The average cybersecurity breach costs $3.8 million.
- Seventy percent of employees don’t understand cybersecurity.
- Neither do companies: 2% of an information technology is used for cybersecurity.
Small wonder sophisticated attacks, which were months (if not years) in the making like SolarWinds keep happening. Oldsmar, by comparison, was an anomaly because it was detected right away and halted before the attacker could do anything malicious.
Four ways to address cybersecurity challenges
The manufacturing skills gap is often talked about when it comes to younger workers not joining the field. There is a similar skills gap when it comes to operational technology (OT) and cybersecurity, said Dee Kimata, director cybersecurity offer management, Schneider Electric.
“It’s a very niche skillset and in very high demand as OT cybersecurity attacks grow,” she said.
The demand is only going to increase, she said, because malicious attackers realize going after OT is fertile ground.
“More and more malicious actors are getting interested in the field of OT cyber, and they’re getting more sophisticated,” she said.
The lack of institutionalized knowledge doesn’t help matters. Kimata admitted it can be overwhelming trying to learn about cybersecurity standards, which are growing rapidly. Standards aren’t universal, either. What applies to one country may not for another. They aren’t unified by a long shot.
“It can seem daunting and overwhelming, which means it may not be managed effectively,” Kimata said.
How can companies manage these risks? Kimata recommended four methods:
- Leverage managed service experts.
- Start with cybersecurity controls and best practices with the biggest impact.
- Create a multi-year strategy to improve risk posture year-over-year.
- Address the basics to mitigate the majority of risks.
This sounds simple, but it will require a culture change because, in the same breath, there is a lack of cybersecurity expertise, budgets are limited and the attackers are getting bolder and more sophisticated.
Cybersecurity assessment benefits
Companies may not know where to start. There is a lot of ground to cover, and it’s easy to lose the forest for the trees. A cybersecurity assessment can, at least, provide a starting point and give the company an idea of where to start, Kimata said. The risk assessment process she outlined consists of four steps.
Step 1: Data collection (network diagrams, policies)
Step 2: Remote interview with key OT/cybersecurity stakeholders
Step 3: Generate a report with cybersecurity recommendations and policies
Step 4: Offer consulting services to provide a long-term roadmap that can be implemented.
These policies aren’t that different from the kind of assessment an OT team might receive from something unrelated to cybersecurity. These are fundamental cybersecurity best practices that can provide guidance and knowledge in an area that is sorely lacking in both right now. The clock is ticking and companies don’t want to be the victim of the next SolarWinds or Oldsmar cybersecurity attacks. Cybersecurity is especially important when many companies and individuals have been hit by a ransomware attack in the time it took to read this story.
Chris Vavra, web content manager, CFE Media and Technology, firstname.lastname@example.org.
See more about cybersecurity.