According to the “Force Threat Intelligence Index 2023” report from IBM, the industrial sector currently ranks first among the most common targets of cyber attacks, accounting for 28% of all incidents. Moreover, it was Europe that recorded a record number of incidents last year. What cyber security challenges do manufacturing plants face, and what should they pay special attention to in order to avoid the threat from hackers?
If we compare manufacturing companies, they are widely familiar with automation and IT. It is not uncommon for them to have specialized IT teams taking care of cyber security and infrastructure protection. Although this comes at a high cost. An alternative may be cloud solutions, which are definitely cheaper. However, there is a perception that having your own IT infrastructure, independent of the Internet, is more secure than outsourcing.
Preparing for cyber attacks, however, requires not only network or server infrastructure readiness, but above all employee education. Many attacks targetemployees individually via email or through the
unsafe websites. And this, unfortunately, often cannot be secured or is very difficult. This is because it would result in restrictions on the functioning of other areas. I therefore believe that cyber security education is crucial, although often underestimated. The aforementioned report confirms this. The survey found that last year the weakest links of European companies were:
The report observed that attackers are increasingly investing in operations to obtain the identities of users around the world. It noted an increase of as much as 266% in the number of malware stealing information such as email inbox, bank account and social network credentials.
It is not the cost of hiring specialists or technology (the cost of, among other things, implementing various types of security systems is now lower than it was just a few years ago), but the lack of adequate knowledge that is the biggest threat to cyber security in the industry. The ways in which various types of attacks are now being carried out are becoming increasingly finicky. Even those with the right expertise are finding it increasingly difficult to properly prepare for them. Moreover, just having an IT or cybersecurity department is not the way to solve problems. You can have many specialists who will create a 99.9% leak-proof system, but there is always that 0.1% left that can be used against us. Therefore, it seems to me that the most important barrier is education.
Another aspect is the prevailing public perception that cyber attacks are not currently a real threat. Two decades ago, there were still no threats from online activities, or even on devices not connected to the Internet (it is worth remembering that a device disconnected from the Internet can also be vulnerable to potential attacks). Today, however, it is a widely recognized problem.
In my opinion, the biggest threat is email and computers with Internet access. This is because there are many ways to infiltrate these systems. The key is to skillfully separate the different categories of devices, for example, so that locking or infecting one office computer does not lead to stopping machines or the entire production plant. Therefore, educating employees at all organizational levels seems to be the primary issue.
This is difficult to clearly define. The total cost is made up of many elements, such as the fee for the person who blocked our equipment, but also the costs associated with the downtime and the opportunity cost (during the downtime we do not produce or manufacture any goods). So it’s worth considering how much it costs to halt our factory’s operations for a day, a few days or even weeks, since we can’t fully recover from an attack in a few hours. The cost in terms of image damage should also be mentioned.
On a daily basis, I am involved in the development of a company specializing in the design and implementation of systems for recording and visualizing a variety of data. Thus, our entire team pays great attention to the security of data storage. We also pay special attention to the authorization and internal training of our employees. This makes sure that there is no leakage of know-how.
All our systems are implemented in accordance with the security policies of the companies we work with. Each project implemented by our company is created in cooperation with engineering activities, including IT and cyber security. I believe this is the best approach, as it allows external systems to be aligned with the policies of a particular company.
Source:
www.ibm.com/account/reg/us-en/signup?formid=urx-52629
