Around 53% of organizations – including 60% of heavy-industry and 56% of pharma and life sciences firms – agree that most future cyberthreats will feature smart factories as their primary targets. However, a high level of awareness doesn’t automatically translate to business preparedness. A lack of C-suite focus, limited budget, and human factors are noted as the top cybersecurity challenges for manufacturers to overcome.
Geert van der Linden, Cybersecurity Business Lead at Capgemini said: “The benefits of digital transformation make manufacturers want to invest heavily in smart factories, but efforts could be undone in the blink of an eye if cybersecurity is not baked-in from the offset. The increased attack surface area and number of operational technology (OT) and Industrial Internet of Things (IIOT) devices make smart factories a prominent target for cyber criminals. Unless this is made a board-level priority, it will be difficult for organizations to overcome these challenges, educate their employees and vendors, and streamline communication between cybersecurity teams and the C-suite.”
Organizations face multiple challenges in bolstering cybersecurity at smart factories
The research found that, for many organizations, cybersecurity is not a major design factor; only 51% build cybersecurity practices in their smart factories by default. Unlike IT platforms, all organizations may not be able to scan machines at a smart factory during operational uptime.
System-level visibility of IIOT and OT devices is essential to detect when they have been compromised; 77% are concerned about the regular use of non-standard smart factory processes to repair or update OT/IIOT systems. This challenge partly originates from the low availability of the correct tools and processes, however a significant share of organizations (51%), said that smart factory cyberthreats primarily originate from their partner and vendor networks. Since 2019, 28% noted a 20% increase in employees or vendors bringing in infected devices, such as laptops and handheld devices, to install/patch smart-factory machinery.
People, not technology, remain the top threat to cybersecurity
When it comes to incidents, only a few of the organizations surveyed claimed that their cybersecurity teams have the required knowledge and skills to carry out urgent security patching without external support. One common cause for this widespread inadequacy is the lack of a cybersecurity leader to spearhead the required upskilling program.
When coupled with the scarcity of talent this becomes a significant challenge; 57% of organizations say that the scarcity of smart factory cybersecurity talent is much more acute than that of IT cybersecurity talent. Many organizations said that their cybersecurity analysts are overwhelmed by the vast array of OT and IIOT devices they must track to detect and prevent attempted intrusions. Moreover, cybersecurity executives said they will be unable to respond effectively to attacks in their smart factories and manufacturing locations.
A lack of collaboration between smart factory leaders and the Chief Security Officer is also an area of concern for more than half of respondents. This inability to communicate hinders an organizations’ ability to detect cyber-attacks early leading to a higher level of damage.
Cybersecurity leaders take the market advantage
The report found that “Cybersecurity Leaders” who deploy mature practices across the critical pillars of cybersecurity: awareness, preparedness, and implementation of cybersecurity in smart factories, outperform their peers in multiple aspects. These include recognizing attack patterns at their early stage of deployment (74%) and reducing the impact of these attacks (72%), compared to just 46% and 41% of other organizations respectively.
Based on the analysis and insights from the ‘Cybersecurity Leaders’ identified, the report proposes a six-step approach to develop a robust cybersecurity strategy for smart factories:
· Perform an initial cybersecurity assessment
· Build awareness of smart factory cyberthreats across the organization
· Identify risk ownership for cyberattacks in smart factories
· Establish frameworks for smart factory cybersecurity
· Create cybersecurity practices tailored to smart factories
· Establish governance structure and communication framework with enterprise IT