Securing IoT Devices, Tools, and Manufacturing Data

Ryan Spurr

Manufacturing has made the digital transformation. The good news is that digital factories are more efficient and have better production levels because problems with machines can be identified and addressed in real time.

The downside of digital factories is they are susceptible to the same security concerns as other connected organizations. In fact, 25% of all global cybersecurity incidents occurred within the manufacturing industry, according to IBM’s X-Force Threat Intelligence Index 2024. Four in ten attacks in U.S. manufacturing were caused through the use of compromised credentials where cybercriminals used legitimate account access to get into factory systems.

Why are attacks against manufacturing on the rise? Where machines were once stand-alone devices, they now access information from the cloud and utilize AI. The number sensors, IoT and IIoT devices, and connected machines spread across a large manufacturing plant present an expanding threat landscape. Manufacturing is an industry that can afford little downtime, as it impacts the supply chain, and many factories are among the sectors that make up the critical infrastructure. Cybercriminals know they can demand—and receive—handsome financial payouts if they take machines offline.

Biggest Security Challenges

Even in a manufacturing environment, many of the security challenges faced are the same ones found in any other work environment. There are social engineering attacks, Web-based denial of service attacks, software supply chain attacks, and malware.

Shadow IT and a lack of skilled workers to handle IT and security in manufacturing is more acute than it is in other IT environments. A lack of security professionals trained to handle manufacturing means it is more difficult to detect and mitigate problems. Workers try to take matters into their own hands by using shadow IT to handle equipment failures, which can lead to undetected access into the system.

Securing data in manufacturing is another unique challenge. Threat actors and nation states see data compromise in two ways—disruption of the supply chain and theft of intellectual property. Increasingly, ransomware is responsible for the compromise and theft of manufacturing-based data. Already in 2024, approximately two-thirds of factories reported a ransomware attack, and most of these companies report that these attacks are targeting both primary and backup data sources.

Securing IoT, Tools, and Data in the Manufacturing Environment

Securing IoT devices, tools, and manufacturing data requires a comprehensive and layered approach. Here are some best practices for securing the smart factory:

  • Endpoint Protection: All IoT and IIoT devices need the latest firmware updates and least privilege authentication to prevent unauthorized access.
  • Network Security: Basic network security tools like firewalls, intrusion detection systems (IDSs), and virtual private networks (VPNs) protect data as it is transmitted between devices and systems. Additionally, Citizens Broadband Radio Service (CBRS) can be used to deploy private 5G, offering greater range of signal and more security than standard Wi-Fi by protecting IoT devices from unauthorized access.
  • Anomaly Detection: Machine learning and AI tools can help identify unusual behavior or patterns that could indicate a cyber incident.
  • Access Control Policies: Policies like least privilege permissions and tools that cover identity and access management limit who has access to IoT devices and data.
  • Real-time Monitoring and Alerts: Real-time monitoring and alert systems will quickly detect and respond to potential security threats.
  • Automated Threat Remediation: Automated threat remediation will address vulnerabilities and attacks efficiently.

However, one of the biggest problems with IoT and IIoT devices is that most can’t be upgraded or patched, so security teams need to find other methods to protect their assets. These can include:

  • Industrial asset discovery that focuses on vulnerabilities unique to this environment
  • Identification and ongoing monitoring of cybersecurity and compliance using our Managed Cybersecurity and Compliance Services
  • Putting a Zero Trust network assets architecture in place to give at-risk devices additional defenses
  • Use third-party remote access security solutions

With these security measures, manufacturing organizations offer high levels of layered security for IoT devices and data against cyberthreats. By minimizing risk, you can avoid costly downtime and production disruptions.

For more information on how to secure IoT in a manufacturing environment, visit our Modern Infrastructure and Cybersecurity webpages.

Ryan Spurr is the Director of Manufacturing Strategy at Connection with 20+ years of experience in manufacturing, information technology, and portfolio leadership. He leads the Connection Manufacturing Practice, go-to-market strategy, client engagement, and advisory services focusing on operational technology (OT) and information technology that make manufacturers more digitally excellent.

© PC CONNECTION, INC. ALL RIGHTS RESERVED.