Let’s say you’re a threat actor looking for a target. Your ideal would be something big and vulnerable, right? And if your goal is profit over damage, an even better target would be so valuable that you could get paid to leave it alone.
Welcome to the reality of cybersecurity within manufacturing. Because of the industry’s low tolerance for downtime, manufacturing continues to sit atop the list of most targeted for cybercrime, especially extortion.
Why is manufacturing such an attractive target? It’s big, has a vastly dispersed supply chain, can’t afford long downtimes and, increasingly, has smart components that amplify the risks. But wait, there’s more! The stakes keep getting higher, too. The Internet of Things has turned tractors and appliances into connected devices that help us lead more productive lives. These smart machines also introduce new risks for privacy or data protection breaches.
Cybersecurity—from adversity to advantage
Ensuring cybersecurity across the supply chain is a business imperative—but it’s also an opportunity to claim a competitive edge. The best news is gaining a competitive edge through cybersecurity is mainly a matter of applying approaches you’re already using as a manufacturer.
Include the right thinking—and components—from the start
Bolting things on after the fact is seldom as effective as planning for and building them in along the way. Design with cybersecurity in mind and communicate those designs throughout your supply chain. This will save you time and potentially a lot of money.
If you discover a security vulnerability in an app’s initial planning phase, you can fix it quickly and inexpensively. Once you reach the coding phase, the fix costs 5x more. If you wait until component testing, you’re looking at 10x more, and fixing a security issue post-release costs 30x (3000%) more.
Automate wherever you can
As cyberattacks increase from all fronts, deploy AI and machine learning to help identify, triage and analyze the types and sources of attacks. The sheer volume of attempts makes it impossible for a human team to keep up, and a security operations center can be much more effective if it has credible information on trends and a short list of threats that require intervention, escalation or response.
As with all AI usage, we emphasize the importance of keeping a human in the loop to provide oversight and discernment that computers have not proven to be capable of (yet).
Partner for the skills you lack
One advantage of automation is that it helps address the current talent shortage in cybersecurity. You might also consider adding cybersecurity-managed services to your supply chain. That way, you’ll have access to the latest thinking and the skills to put it into action.
Additionally, a managed services provider with a strategy arm can elevate security beyond just an IT issue to a C-Suite or board-level topic, which is where it belongs.
Know your supply chain better than anyone else
Manufacturers have always required visibility into third (and fourth) party vendors to understand what they are sourcing and how they are getting or making it. But with the potential for bad code being introduced into smart components—either unwittingly or intentionally—and the associated costs with a post-release fix, the stakes have never been higher.
No matter how robust your cybersecurity practices may be, any vulnerability along the supply chain leaves you open.
This may be an area where a managed services partner could help, either by working with you on the assessment/auditing process or by working with several vendors across the supply chain to ensure consistent practices are being applied.
Advertise the process with the product
When consumers buy an appliance, it makes them feel better to see that energy efficient rating, just as they do when they see a symbol indicating that their shirt was made from recycled bottles.
Why not market the cybersecurity efforts that surround your manufacturing process? CISOs and CTOs could be working directly with CMOs to create a message that emphasizes the safety and high performance of a product—inside and out.
We recognize that applying a cybersecurity lens to common manufacturing approaches sounds easy in theory but requires a lot of work in practice. Is it worth the effort? With the cost of a cybersecurity breach averaging $4.5 million, I suspect most manufacturers have plenty to gain in turning themselves into cyber transformers.
Bob Bruns is the Chief Information Security Officer at Avanade, a provider of innovative digital, cloud and advisory services, industry solutions and design-led experiences across the Microsoft ecosystem.