Thomson Mathew runs us through a half-dozen ways to keep your factory safe from cyberattacks in this part of our Cybersecurity – Identity and Access Management series.
While smart factories are revolutionising the manufacturing industry, being connected comes with new risk factors that must be addressed. A Deloitte study revealed that 48% of manufacturers identified operational risks—including cybersecurity—as the greatest danger to their factories.
Manufacturing can be a lucrative ‘get’ for cyberattackers, targeting your intellectual property or blocking production. Businesses risk financial, time and productivity losses if they don’t get the balance right. So, how can you make sure your business is safe?
The cloud offers manufacturers an unprecedented level of flexibility, from lights-out manufacturing to remote real-time data. But this level of connection can expose your business to attack.
While it may be your first concern, the risk isn’t limited to connected machines. Manufacturers can also be vulnerable to phishing attacks, ransomware and internal breaches, among others. This means company phones, email addresses and laptops should all be protected. Relying on supply chains also means manufacturing can be disrupted by attacks on suppliers and distributors. Having a clear picture of risk areas is the first step to creating a secure network.
A false sense of security can be devastating to a manufacturing business if a cyberattack eventuates. Even if you’re on top of what needs to be done, you must ensure everyone in the business understands the risks—human behaviour is a significant factor in compromised systems!
Operational technology, including tooling machines, creates endless opportunities for manufacturers. In the past, these machines had no external links to networks and so weren’t vulnerable to digital attacks.
Running machines 24/7 means relying on the network to remain secure even when you’re not there. Because of these risks, the machines my company makes have been designed to use whitelisting to ascertain networks can only be accessed by predetermined parties. That means new software and devices must be authorised before they can be added, massively reducing the risk of introducing viruses, malware or weak points. Each piece of software has been thoroughly assessed for vulnerabilities before being whitelisted, so manufacturers can be assured of their machines’ security.
If you’re using a tooling machine, you’re exposing your systems to external third parties. The potential consequences are that you could lose data, you could lose productivity time, or you’ll have ongoing maintenance. You’re putting your machine at risk.
Your manufacturing business isn’t just the machines in your factory. It includes other businesses— like material suppliers, logistics companies and even accountants—and all of their extended networks. Any vulnerability they have can affect your business outcomes.
Speak to each of your stakeholders about what they do to protect their networks. You may not be able to change their approach, but it’ll help you to mitigate the risk at your end, for example, by choosing a more secure supplier or looking into vertical integration.
Even the most secure cloud and digital systems can fail. To ensure your IP is as robust as possible, and to limit the impact on your productivity, you should be performing regular offline backups away from your network.
It’s best to be overcautious. Store multiple backups in different places to better distribute the risk of further data loss—and make sure those locations are secure, too.
Automating this process eliminates the need to remember to do it (often until it’s too late) but performing periodic manual backups will give you the best coverage.
Cybercrime is big business—some reports suggest it’s the equivalent of the world’s third-largest economy, inflicting damages in the trillions of dollars every year. Globally, spending on cybersecurity is expected to grow to almost US$350 billion by 2026.
With so much at stake, the goalposts are constantly changing. New viruses appear in the market every day, with rapid patching and greater security a constant feature. To guarantee your business’s ongoing safety, be ready to respond to new threats by frequently updating all software—not just your antivirus—and deferring to machine experts as situations change.
Picture: ANCA CNC Machines
Thomson Mathew is Software Product Manager at ANCA.
@AuManufacturing’s Cybersecurity – Identity and Access Management series is brought to you through the support of Thales Cloud Protection & Licensing (CPL).
Subscribe to our free @AuManufacturing newsletter here.