Today’s manufacturing industry is frequently targeted by hackers. In fact, more than 27 percent of worldwide cyber espionage activities are aimed towards these companies. Over the past year, 40 percent of all manufacturers have experienced a cybersecurity breach. Additionally, 38 percent of manufacturing breaches exceed $1 million in damages due to an average detection time of 229 days.
As more and more companies implement Internet of Things (IoT) technology, manufacturing cybersecurity will only grow in importance. Continuous connectivity and a complete lack of industry-wide security standards make for a potentially devastating combination unless these devices are properly considered and deployed. Here are four things to keep in mind when it comes to IoT and manufacturer security:
Before rolling out IoT, a manufacturing company should conduct an exhaustive, enterprise-wide assessment to understand where security threats are highest and how technology and information will most likely be targeted. Performing this audit makes it possible to not only understand where IoT most safely fits into an enterprise mobility program, but also provides a comprehensive security profile for an organization’s entire technological resources catalog.
It’s imperative that IoT efforts are audited and tracked regularly to ensure accuracy and updated security. In manufacturing today, nearly half of businesses aren’t aware of their IoT device count and only 14 percent have a formal process in place capable of recovering this information. This critical insight creates the secure foundation needed for IoT device management, communication protocols, networks and applications.
Once these tasks are complete, vulnerability assessments on individual IoT elements can be initiated. Manufacturers should map out worst-case scenarios and gauge the value of data that’s created, transferred and gathered by these devices. By doing so, a business can make informed decisions about which mission-critical devices and data flows need to be isolated and managed separately from high-traffic networks that increase exposure risks.
Device and Data Security
IoT security is a rising priority within manufacturing. In fact, 34 percent of organizations worldwide invested at least a quarter of their total IT security budget into IoT last year, leading to a 458 percent increase in IoT vulnerability scans and assessments.
It’s important for manufacturers to understand that, without comprehensive mobile policy and enforcement measures, device software could potentially never be updated or patched after initial deployment. Unprotected devices can make it almost impossible to prevent future attacks, and if a device falls into the wrong hands, its used, stored and created data isn’t the only thing in danger. That’s why 90 percent of manufacturing companies still lack full confidence in their IoT security abilities.
In addition, only 47 percent of manufacturers conduct daily analyses of device security logs and alerts. This is extremely concerning, as most emergencies require real-time and/or automated responses to protect connected devices and data. That’s why companies are beginning to use fog computing. As a superior IoT security option, this technology allows a business to store its data locally instead of on IoT devices, greatly limiting access points and information sharing risks.
Because of IoT’s interconnected nature, overall manufacturing business strategies need to align with IT strategy to influence and drive IoT security. Organizations need to not only actively involve executives in IoT decisions, but do so on a regular and continuous basis. More than 90 percent of manufacturers today involve their executives in IoT oversight to at least some degree, but only 17 percent of companies provide them with at least once-per-quarter oversight.
Successful IoT security often requires modifying existing corporate policies, standards or plans to incorporate new technologies, data sets and use cases. Without executive buy-in or participation, these changes are impossible. In fact, 40 percent of manufacturing companies aren’t currently able to include connected devices in their enterprise-wide incident response plans due to a lack of executive visibility into IoT-related strategy and decision-making.
It’s important to maintain clear lines of responsibility and consistent procedures from the top down so that even the most autonomous business units and initiatives adhere to organizational security expectations. Executives and upper-level management are typically the only groups capable of ensuring these activities remain protected.
Legal and Regulatory Issues
Like any new enterprise mobility technology, IoT can leave a manufacturing company susceptible to violations of data privacy laws after leaks or losses, or even create new violations altogether as its capabilities are still relatively unknown.
To avoid potential concerns and issues, each connected device should be thoroughly researched and investigated before its implementation. Devices should include software/firmware update capabilities, system reset mechanisms, device support resources, manufacturer contact information, a support forum and a basic support label visible on the device. Additionally, devices shouldn’t be utilized if they require ancillary services like third party support or security backdoors to function.
The manufacturing industry is quickly turning to IoT for innovation and increased efficiency. Within the next 20 years, industrial machinery equipped with connected devices will add $10 to $15 trillion to the global GDP. Future industry success is largely dependent on how well manufacturers are able to implement and adhere to IoT security best practices and considerations.
Mitch Black is President of MOBI.