Manufacturers Behind in Preparing for Cyberthreats

According to a report from MAPI, the Manufacturing Alliance, produced in partnership with the consultants at Deloitte, two important trends are adding to cyber-risks for manufacturers, beyond the risk associated with intellectual property (IP):
1. So-called Industry 4.0 digital manufacturing opportunities and increased interconnectivity of the industrial ecosystem, offering bad guys a wider target to hack.
2. Rapid adoption of sensor technology, smart products, and Internet of Things (IoT) strategies, which now create cyber-risks for manufacturers outside the four walls of the enterprise or shop floor.

Highlights of the survey data include:

• 48 percent of manufacturing respondents say funding for cybersecurity is lacking.
• One-third of manufacturers indicate their cybersecurity budgets have either remained flat or decreased over the past three years despite the growing concern posed by cyber-risk.
• Manufacturing executives indicate that four of the top 10 cyberthreats facing their organizations are directly attributable to internal employees. These threats include: phishing/pharming, direct abuse of IT systems, errors/omissions, and use of mobile devices.
• Chief information security officer (CISO) reporting structures vary significantly within manufacturing organizations, as 30 percent of executives indicate their company's CISO reports directly to the Chief Executive Officer (CEO) while a further 31 percent report to the Chief Information Officer (CIO), leaving nearly 40 percent of CISOs reporting to someone else in the organization.
• In 42 percent of surveyed advanced manufacturing companies, the responsibility for IP protection falls to someone other than the CISO (20 percent) or the CIO (33 percent). In fact, 20 percent of executives indicate IP protection falls under the head of R&D while a further 22 percent of executives said this responsibility falls to the head of manufacturing.
• Almost one-third of manufacturers have not performed any cyber-risk assessments specifically focused on the Industrial Control Systems (ICS) operating on their shop floors, resulting in a potentially significant risk to their operations. Further, nearly two-thirds of companies that have performed an ICS cyber-risk assessment used internal resources, potentially introducing organizational bias into the assessment process.
• Half of all advanced manufacturing companies address shop-floor-related security vulnerabilities through "network segmentation." Further, 43 percent of manufacturing executives said they isolate their facilities from outside networks (i.e., "air-gapping"). However, although air-gapping is a common approach to ICS security, when companies actually take the next step to test that strategy, they often find it is a fallacy.
• Half of the manufacturing executives surveyed indicate their companies perform targeted vulnerability or penetration tests on their ICS less than once per month.
• Nearly 40 percent of manufacturers do not incorporate connected or "smart" products within the company's broader incident response plan, signaling a need for a more holistic approach to cyber-risk in this area.

The report also found that many manufacturers are just beginning to assess cyber-risks related to key third parties in their broader supply chain networks, such as subcontractors, suppliers, logistics service providers, and other critical business partners.

