Manufacturing is experiencing an increase in cyberattacks
Globally, 80% of firms experienced a significant increase in overall security incidents or breaches last year, according to a study by Omdia. In spite of this, only 45% of organisations are adequately prepared to deal with cyber security threats.
In its survey, Omdia interviewed over 500 technology executives about how they manage cyber security challenges and how they integrate information technology (IT) and operational technology (OT). As part of the study, Telstra International, Telstra's global arm, produced a report.
The Omdia report can be downloaded here:
Telstra International Omdia IT OT Whitepaper
Cyber attacks are on the rise as manufacturers are leveraging technologies such as the cloud, artificial intelligence and Internet of Things (IoT) as part of their digital transformation, otherwise known as Industry 4.0. In addition to increasing scale, resilience and efficiency in operations, the convergence of IT with traditional OT can increase scale, resilience and efficiency in operations, but it also increases the attack surface for cyber threats. Cyber exploitation, including ransomware, is becoming increasingly lucrative for critical industries.
Individual firms affected by a cyber attack reported a resilience or availability issue that cost them $200,000 to $2 million, with incidents affecting enterprise and corporate systems and production control accounting for the biggest losses.
Key findings from the report
Geraldine Kor, Telstra International’s Head of Global Enterprise Business, said: “Greater connectivity between IT and OT is necessary to harness advanced technology for manufacturing innovation, but it increases the risks of a breach. However, very few firms are mature in protecting and defending against such cyber risks.
“Our study also uncovered a fragmented approach to security responsibility, which can leave manufacturing businesses without a clear direction. This responsibility must be clear and integrated so that one group or person will have the authority to act on security challenges for mission-critical systems. It is equally important to have the right people and security-focused culture as their absence will hinder security posture readiness, compounding technical challenges.”
Ganesh Narayanan, Telstra International’s Global Head of Cyber Security, noted that manufacturing and other industrial sectors historically relied on air gapping for security, where OT systems are typically segregated from corporate IT systems to protect against external threats.
However, this approach is no longer sustainable with increasing IT/OT convergence, which expands the threat surface significantly.
He said: “IT and OT integration create enormous value for organisations across industries, although organisations must address risks to unlock its potential. Organisations should prioritise IT/OT and IoT security across six core areas: Collaboration and planning, defining a strategy, bolstering technical expertise, assign responsibility and accountability, leveraging the right tools, and expedite readiness with standards.”
Adam Etherington, Senior Principal Analyst at Omdia, said: “Our study illuminates critical attack vectors and lessons learned, and provides timely advice for any executive responsible for IT and OT.
“More pervasive connectivity between IT and OT is essential across greenfield and brownfield manufacturing system design and enhancements. Step change improvements to innovation, availability, safety and security require firms to harness cloud, IoT, AI and private networks, with IT/OT convergence bringing these technologies to life.
“However, most firms have been hit with expensive outages and security incidents while traditional security controls, policies and culture struggle to keep pace. Given the magnitude of downtime costs from any breach or network incident that impacted operations, it’s important to better understand the causes for proactive remediation.”
Speak to Temple about ISO 27001
Temple QMS is a leading provider of ISO/IEC 27001 implementation
ISO 27000 family of standards helps organisations keep information assets secure. Using this family of standards will help your organisation manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.
Using identification, analysis, and actionable controls, the standard proposes a best practice framework for ISMSs that mitigates risks and safeguards business-critical data. An ISO 27001 certification demonstrates your organisation's commitment to protecting its information - and the information of its customers - from increasingly complex threats.