Manufacturing businesses are advancing their stacks, but openings have sprung for bad actors. How can businesses kick the bucket on cyber risks?
It was recently predicted that two in five manufacturing businesses will experience a supply chain cyber-attack by 2025.
Though alarming, these are unsurprising statistics given the transformative period manufacturing has undergone in the last two decades. Manufacturing businesses have been pushing towards automation for greater efficiency and productivity, but their operational technology (OT) tends to have very long, useful lives, making support and maintenance like patching difficult and expensive.
While the industry has mostly moved away from legacy equipment and integrated with advanced technologies, it has expanded its threat landscape in the process. New doors, or holes, have opened up for criminals to disrupt operations and the potential for third-party risks has increased. The result for organizations is a need to prioritize cybersecurity measures to keep pace. Let’s take a closer look.
The impact of IT/OT convergence
As organizations strive to modernize their supply chains, adopting a digital-first strategy has become an imperative driven by both internal and external factors. Internally, stakeholders are driven by the need to reduce costs, increase operational efficiency and continue to innovate. Externally, organizations need to meet the evolving demands of clients and improve customer experience.
This push for digitalization has resulted in the convergence of IT and OT, two traditionally siloed systems. The modernization of legacy equipment, coupled with the adoption of third-party integrations and the incorporation of AI-driven analytics, has reshaped how manufacturing and OT work from end to end. These integrations not only support the automation of processes but also leverage AI for predictive analytics, becoming foundational to the modern supply chain.
Because these efforts to drive efficiency require specific skills, many organizations have turned to third-party integration and partnerships, bringing in specialized expertise and resources to drive efficiency and innovations. While this shift has been critical in helping businesses stay more agile, it has also introduced significant vulnerabilities.
Adding to the complexity, these vulnerabilities live upstream and downstream of the company in the supply chain, making them hard to detect and, in some cases, impossible to remediate directly. As IT and OT systems become inextricably linked, the complexity of the cyber threat landscape also expands.
Vulnerabilities in manufacturing cybersecurity
The manufacturing sector has become a prime target for cybercriminals seeking to exploit vulnerabilities in third-party integrations to steal sensitive data or disrupt operations. These attacks are fueled by various vectors, including legacy infrastructure that’s interconnected with recent technology, and new control systems for existing software, creating multiple potential entry points for malicious actors.
Another contributing factor to manufacturers’ vulnerabilities is a lack of deep understanding of their own threat surfaces, often leading to a false sense of security. Many companies may believe they’re adequately protected, only to discover vulnerabilities when it’s too late. Moreover, the sector’s reliance on third-party partnerships introduces additional risks, with experts predicting that issues within these partnerships could account for up to 60 percent of security incidents.
It’s also worth noting that there is sometimes resistance to modernizing legacy OT systems, largely due to the very specific use that these systems provide (think: interconnected control systems (ICS), to control dispersed and distributed assets and, within that, supervisory control and data acquisition (SCADA) systems, used for controlling, monitoring, and analyzing industrial devices and processes). Given their specific purpose, these systems can be sensitive to vulnerability patching. There’s a risk that the business will be negatively impacted, perhaps even taken offline completely if the changes don’t execute properly, leading to further hesitancy to update and patch.
The alternative? Air-gapping and isolating systems as much as possible from the rest of the network. However, this presents its own operational challenges, requiring most maintenance and monitoring to happen onsite.
These points of exposure leave the manufacturing sector susceptible to various types of cyberattacks, including hardware, software and third-party breaches.
Plugging the holes
In response to the evolving security landscape, manufacturing enterprises should be looking to implement additional cybersecurity measures to protect their digital assets and maintain operational resilience – therein plugging the holes. Many professionals are already leveraging advanced detection technologies to bolster their cybersecurity posture. Endpoint detection and response (EDR) solutions, for example, enable organizations to detect and respond to malicious activities on individual devices, providing real-time visibility and control over potential security incidents.
Elsewhere, network detection and response (NDR) technologies focus on monitoring and analyzing network traffic to identify anomalous behavior and potential security threats. By continuously monitoring network traffic and analyzing patterns, NDR solutions can detect and respond to cyber threats before they escalate into full-scale attacks.
Additionally, user behavior analytics (UBA) solutions analyze user activities and detect deviations from normal patterns to help organizations identify insider threats and anomalous user behavior. Leveraging machine learning algorithms and behavioral analytics allows UBA solutions to identify potential security risks and enable organizations to take proactive measures to mitigate them.
Managed detection and response (MDR) providers can also be a valuable solution. MDRs serve as an extension of an organization’s internal IT and security teams, augmenting staff with continuous monitoring, extensive expertise and incident response to rapidly contain threats and mitigate risk.
Implementing a combination of these detection technologies can aid manufacturing enterprises in enhancing their cybersecurity to better defend against a wide range of cyber threats. This helps safeguard their digital assets and maintains operational continuity while still allowing them to fully utilize third-party systems.
Additionally, implementing a zero-trust architecture – an approach that assumes no implicit trust for any user or device – can also significantly enhance resilience for manufacturers. Common in the OT space, zero-trust requires stricter identity verification, giving organizations more granular control over their networks and reducing the likelihood of an incident.
Containing future leaks – despite third-party integrations
The manufacturing sector is experiencing a profound transformation driven by rapid technological advancements and the convergence of IT and OT systems. Manufacturers are embracing novel and advanced technologies to improve efficiency and meet evolving market demands. However, because many of these advances leverage third-party integrations, they face heightened cyber threats and vulnerabilities. Simultaneously, cybercriminals are increasingly targeting manufacturing organizations, exploiting weaknesses in digital infrastructure to disrupt operations and steal sensitive data.
As supply chains become increasingly interconnected and reliant on these third parties, the potential impact of cyberattacks on manufacturing operations and global supply chains cannot be understated. Meaning – manufacturers must prioritize cybersecurity as a strategic imperative.
Instituting the right measures, conducting regular risk assessments and investing in employee training can help manufacturers mitigate cyber risks and safeguard their operations against emerging threats. In doing so, they not only protect their digital assets but maintain operational resilience and ensure they continue to realize the wealth of benefits that come with digitalization.
Greg Notch is the chief information security officer at Expel
