CybersecurityThe digitization of the manufacturing sector is producing increased growth, efficiency and profitability. However, the evolution of manufacturing technology has exposed the industry to increased cybersecurity risk, with cybercriminals looking to exploit any weakness possible.

In fact, in 2023 manufacturing was listed as the most targeted industry for cyberattacks, accounting for 19.5% of all attacks. Furthermore, 48% of manufacturers surveyed identified operational risks, which include cybersecurity, as the greatest danger to smart factory initiatives.

While speaking about cybersecurity at AEM’s Product Safety & Compliance Seminar, Tom Meehan, president of AEM member company CONTROLTEK, spoke on how important maintaining secure networks is, and what tactics can be employed to do so.

“The digital risk today is very different than it was even two or three years ago. Today, we are hyper-digitalized, and we are dependent on cyber methodology more than we’ve ever been. Today, almost everybody has more than one mobile device with them,” said Meehan.

There are several tactics that organizations can use to mitigate emerging cyberthreats:

  • Employing multi-factor authentication (MFA) -- MFA increases security, because even if one credential becomes compromised, unauthorized users won’t be able to meet the second authentication requirement and won’t be able to access the targeted physical space, computing device, network or database. Most organizations have implemented MFA at this point. However, retraining employees on the importance and reasoning behind MFA will ensure that employees take this step seriously.
  • Separating work and personal technology. -- With remote work as prevalent as it is today, there are a multitude of new ways in which cybercriminals can access organizational data, said Meehan. From accessing work email accounts on personal computers to clicking on unverified links at home, employees are more susceptible to cybersecurity attacks than ever before. It’s critically important to remind employees to never click on suspicious links, links from outside of your organization and to not send important information over unsecure networks (such as ones found in public places like restaurants, bars and coffee shops). Ensure that employees are on the same page on organizational cybersecurity standards, and consider offering refresher courses to keep security top of mind.
  • Thinking before clicking! -- Both malware and phishing are still incredibly popular among cybercriminals, and it’s not hard to see why. All it takes is one employee accidentally clicking on an untrustworthy link or downloading a file for a cybercriminal to get their hands on confidential information. Nine out of 10 cyber incidents are caused by human error, and with consistent cybersecurity training this risk can be lowered. However, human error will always exist, and no system interacting with humans can ever be 100% secure.
  • Taking a zero-trust approach. -- Assume everything is a threat. Therefore, require all users whether internal or external to be authenticated, authorized and validated on an ongoing basis before being granted or maintaining access to applications. The goal is to prevent unauthorized access to data and services and make access control enforcement as granular as possible.
  • Creating an incident response plan and being prepared. -- Designate a crisis response team with main points of contact for any suspected cybersecurity incidents. Ensure that roles and responsibilities are outlined, including technology, communications and legal, for when a cybersecurity breach happens. According to Meehan, response plans are just as important as preventative measures.

With increased technology implementation and evolution, manufacturers should work collaboratively to develop an industry-wide gold standard for cybersecurity. Manufacturers are attacking the issue of cybersecurity from different angles, and if the industry could gain alignment, then cybersecurity efforts would be more consistent and effective. Senior management should empower CISOs by including them in the decision-making process for risk to the company, and they should ensure that the entire organization understands that security investments are a top priority. 

It’s more important than ever to have a cybersecurity response plan in place, and to stay up to date on cybersecurity trends. The Cybersecurity & Infrastructure Security Agency (CISA) provides several resources for the manufacturing industry, including online trainings, guidance on cybersecurity and regional cybersecurity roundtables. CISA consolidates effective industry security practices into a framework for owners and operators to select and implement security activities and measures.

“Be just as prepared for an incident to happen as you are to prevent an incident. One of the biggest things that companies struggle with is when they have an incident, they don’t respond well,” said Meehan.

As the industry adopts digitalization wholeheartedly, there is no way to ignore the risk that cybercriminals present to equipment manufacturers. In the future, it’s clear the manufacturing industry will need to put a concerted effort into developing a gold standard, training and retraining employees and creating plans for cyber incident prevention and response. With all the above-listed components in place, manufacturers can rest easy knowing that they are as safe and prepared as possible.

About AEM’s Product Safety & Compliance Seminar and Liability Seminar

Join AEM April 22-25, 2024, at the Crown Plaza Chicago O'Hare in Rosemont, Illinois.

Get equipped with uniquely valuable insights on the latest in standards, regulations and best practices to move your product safety & compliance and liability programs forward.

Attend this annual event for perspectives and networking with your peers.

Subscribe to the AEM Industry Advisor for more AEM news and updates.