Manufacturing Security: Is Your Infrastructure Being Properly Managed?

Ryan Spurr

Okay, we get it! Security is a huge risk in manufacturing. We already have endpoint protection, firewalls, and corporate security policies. What else do we need?

Manufacturing has indeed become a huge target. In fact, it was the second-most-attacked industry in 2020, up from eighth position the prior year.¹ While threats are one thing, 33% of cybersecurity attacks in manufacturing succeeded and 35% resulted in operational or plant outages.

This is a big deal! It means what was once deemed by manufacturing leaders as a risk avoidance topic has now become a very likely outcome. With the increased sophistication in attacks, legacy system vulnerabilities, and massive amounts of logging, the old mindsets like “air gapping” or firewalling are no longer enough. Even with robust security hardware, policy, and industry compliance, it’s no wonder that 40% of organizations are not confident their teams would be able to handle a data breach.³ So what should manufacturers explore next to improve their security posture?

Detection, Containment, and Remediation 

It’s important to note that most manufacturing organizations still haven’t taken security seriously or implemented the necessary investment measures. But for the purpose of this blog, let’s assume your business has a strong OT/IT relationship and has implemented a thoughtful mix of network, physical, and software security solutions across factories, warehouses, and the traditional IT landscape. 

These actions by themselves go a long way to minimize the all-too-likely risk and hinder the spread and efficacy of attacks. But as we know, these measures alone cannot prevent your business from shutting down operations for days due to ransomware or another cyber incident. Remember, it’s all about detection, containment, and remediation. It’s this last point where many organizations struggle in response to a cyber event.

Does your organization have a security operations center (SOC)? Is it staffed 24/7/365? Has your organization integrated your security solutions and logging into SIEM/SOC? Do you have a well-laid response plan when threats are identified?

If you answered no to any of these questions, your organization is at risk. According to 65% of organizations, the top barrier to security operations is a lack of visibility into the security infrastructure, 69% of security operations are ineffective due to a lack of visibility into network traffic, and only about 50% of SOCs have threat intelligence.³ To make things worse, 35% of attacks occur between 8 p.m. and 8 a.m.—when most IT and Security workers are offline⁴—leaving your organization vulnerable and allowing threats time to propagate and affect your industrial infrastructure.

A Lack of Security Resources

Security is a risk avoidance business conversation, and it’s expensive. Implementing the necessary solutions and staffing are costly endeavors for even the largest of organizations. And when done correctly, these security solutions produce massive amounts of data that must be consumed, analyzed, and actioned. For most manufacturing organizations, this is a daunting task for already thinly stretched IT organizations. Even those who take this topic seriously struggle to find the talented security professionals necessary to staff their security operations. It’s not just an HR challenge: 87% of organizations face moderate to extreme security risk due to security talent shortages.

Manufacturing is also adding complexity and rapidly transforming its technology landscape, especially in the operational technology environments. With technology across the entirety of the average manufacturing tech estate, organizations are facing integration across their whole technology stack—industrial control systems (ICS), endpoint protection, network, data center, cloud services—and across a heterogeneous range of brands. Most manufacturers are still trying to integrate their core business systems (like ERP, MES, and SCADA), never mind focusing on the integration, orchestration, and real-time response management necessary for security operations.

Is this what manufacturers want to focus on? Is this where your organization’s finite resources should be aimed? Or perhaps, like with other areas of our businesses, we should explore new models or services that allow us to get these necessary capabilities by augmenting with a trusted partner?

The Answer Is Clear

Security is fundamental, especially as manufacturers become more digitally integrated and reliant upon technology. That technology should enable operational excellence—not distract from the core mission to design and produce products. While manufacturers must invest in security solutions, it doesn’t mean they must “roll their own.” Like cloud adoption in the manufacturing sector, we see massive growth in managed services adoption in areas like security operations (SOC as a service). Manufacturers are comparing the costs and complexities of their own security operations with those of a managed security operations service. In doing so, they quickly realize the benefits of augmenting an essential element of their business with an existing pool of talented security professionals executing with the best processes and toolsets.

In addition to improving your overall security posture (or meeting essential compliance requirements like ISO 27001, NIST 800-171, or CMMC), you will also open your organization to advanced security capabilities and services to evolve your cybersecurity program over time or as the business requires. And for those organizations that need it, most managed security operations partners offer additional services like remediation, root cause analysis, and other post-event services to help you act quickly.

I implore you, as IT, OT, or business leaders, to consider the option of assigning security operations to trusted partners who focus on nothing but security and maintain the necessary talent to monitor and act. Managed security services can offer manufacturing leadership confidence that their security operations will rise to the occasion and allow the organization to focus on manufacturing, operational excellence, and growth.

Contact us today to learn more about Connection’s Manufacturing Practice, our Security Experts, or to discuss next-generation security challenges highlighted in this article.

1 IBM, 2021, IBM X-Force Threat Intelligence Index
2 Industry Week, 2021, Bombardier Suffers Cyber Attack
3 Ponemon Sullivan Privacy Report, 2019, Two-thirds of Security Workers Consider Quitting Because of Burnout
4 Arctic Wolf, 2020, Security Operations Annual Report
5 CyberEdge Group, 2021, Cyberthreat Defense Report

Ryan Spurr is the Director of Manufacturing Strategy at Connection with 20+ years of experience in manufacturing, information technology, and portfolio leadership. He leads the Connection Manufacturing Practice, go-to-market strategy, client engagement, and advisory services focusing on operational technology (OT) and information technology that make manufacturers more digitally excellent.