- Cybersecurity is more important than ever for manufacturers because almost every device brought into a facility can be hacked and bring down a network.
- Many companies don’t offer training or any kind of best practices, according to Gary Olson at AT&T Cybersecurity, and that mindset needs to change. Cybersecurity must be a 24/7/365 mindset because of how much the internet permeates our day-to-day lives.
Businesses are adapting to momentous change thanks to the Industrial Internet of Things (IIoT) and Industry 4.0. Manufacturers are using technology to help digitize the factory environment, redefine how and where work is performed, simplify the supply chain and bringing information technology/operational technology (IT/OT) together.
The dark side to this is the increased cybersecurity risk. Devices that had been siloed off are now connecting to the internet, making them vulnerable to cyberattacks. Then there are the untold number of devices being brought into a facility daily.
Gary Olson, VP of secure edge solutions at AT&T Cybersecurity in his presentation “Securing the Edge: The Evolution to an Intelligent Enterprise” at IMTS 2022 in Chicago, said of the cybersecurity landscape, “The journey of where cyber is today and where it’s going tomorrow is unique. Every day is a new challenge.”
The challenge, he said, is also growing. He highlighted a series of 2021 cybersecurity trends and compared them to 2022.
“Just because we’re in 2022 doesn’t mean the ones in 2021 were accomplished,” he said. “Every day, something new gets added to the cybersecurity conversation.”
When it comes to the edge, cybersecurity is paramount because there is a lot of information being transmitted and disseminated. According to AT&T’s Annual Cybersecurity Insights Report, 78% of respondents are planning, have partially or have fully implemented an edge use case. The need for information coming faster means the devices closest to the action need to be protected from cyber attacks.
Dealing with a new manufacturing landscape
The IIoT allows users to gather more information than ever, but how they’re doing it has also changed. Users are no longer confined to a control room. They can gather information on their phone or a touchscreen and disseminate this over the internet. Olson called it a shadow network.
“Every IoT device is in your ecosystem and every device can connect to the internet, which means every one of your users is open to attack and so are your devices.”
He cited an example involving a hospital where the CIO, when quizzed on how many devices the hospital had, was stunned to find out there were more than 450 rather than the four originally believed. As it turned out, every surgeon was bringing in their speaker, which connected to the network as an insecure device, which made them vulnerable.
Four ways to increase cybersecurity shields
Olson said manufacturers can develop a basic plan and at least get the ball rolling. The four steps he cited were:
- Email management. Utilize tools and services to prevent phishing, which remains the #1 mode of cybersecurity attack.
- Patch management. Up-to-date software and patches for all operating systems (OS). Make it a regular part of the routine.
- Anti-malware tools. Proactive malware scan and protection that is up to date and looking for the latest potential attacks.
- Consistent backups. Develop a strategy for data backup and storage. Olson said it was critical the backup be done independent of the main device because if the user has to rollback, it has to be at a time when the system was healthy.
He added other steps companies can take to secure the edge such as two-factor authentication (2FA), endpoint security, enable dark web monitoring and an incident response and disaster recovery plan. Olson emphasized the need to make cybersecurity more than a passing thought. When he polled how many received cybersecurity training, about half the hands in the audience went up. Olson said that was a high number for him. It was often around 20%.
“Please make cybersecurity training that’s not just once a year,” Olson said. “You gotta make it part of your everyday hygiene.”
Developing a cybersecurity plan
Even if it’s just to start out, Olson said having a cybersecurity plan was better than not having one. He recommended starting with the four steps to raising the shields and developing from there.
“We need to do more of these sessions in the U.S. and the world,” Olson said. There are many bad and scary people and we have got to stop them. Cybersecurity is a team sport.”
Chris Vavra, web content manager, CFE Media and Technology, firstname.lastname@example.org