Cyber-criminals are targeting the manufacturing industry. With 24% of all business-directed attacks, it now suffers the highest number of attacks across industries, according to a recent report from Roland Berger. To protect themselves, businesses need to consider the whole value chain, develop multi-phase defences that adapt to developing threats, and maintain a disciplined and trained workforce.
A recent article from Roland Berger, titled “Cyber-security - Managing threat scenarios in manufacturing companies”, considers cyber-security in the manufacturing industry. According to the consulting firm, we are witnessing the “4th industrial revolution”, a term referring to the industrial-scale use of digital technology in the manufacturing value chain. This has resulted in the emergence of “cyber-physical systems”, which can reside inside or outside a company.
It isn’t just the systems that reside in the wider value chain: for many manufacturers, the products they produce also have digitalisation as a core element; think automatic parking assist and cruise control systems in vehicles. The benefits of digital systems and products can be immense, allowing improvements in the speed of production, fostering high-level self-organisation and thus creating the conditions in which production resources can be ever more flexibly and efficiently deployed. However, they also come with risks, including the risk of being hacked.
According to a US publication by experts Peter Singer and Allan Friedman, “97% of Fortune 500 companies have been hacked [...] and likely the other 3% have too, they just don't know it.” These attacks can be very costly. One UK company reported a loss worth $950 million from one attack, and on average large US corporations lose $9 million per year from attacks, with a total yearly cost to the global economy estimated at $350 billion.
Cyber-attacks occur across a variety of industries. A recent survey found that manufacturing is the most frequently targeted sector, with 24% of all attacks that year, followed by finance, insurance & real estate with 19%.
The difficulty in protecting a company lies in the huge number of points in the value chain at which attacks can be launched, as well as the wide variety of attack types available to criminals and sophisticated state actors. To protect a business from the threat of an attack, the consultancy argues that a robust and holistic approach is needed, with three basic principles at its core:
- Responsibility should rest with the highest level of management to create a culture and capabilities that result in the end-to-end process being coordinated with cyber-security as its core consideration.
- A cyber-security defence should be developed that builds on existing approaches and solutions while constantly evolving them. Yet security must not become overbearing: it is always a means to an end.
- Security is not only the burden of IT or senior management; every employee in the whole company must play their part in being vigilant for security threats and breaches.
“Dealing with hacking attacks is a huge problem, with different parts of the value chain often coming under attack simultaneously,” explains Manfred Hader, Partner at Roland Berger. “The trouble is, traditional IT security departments mostly have their eyes fixed on business IT – the communication systems or business applications. What companies should be doing instead is addressing the issue of cyber-security from an integrated perspective.” He concludes with: “Only companies that treat cyber-security as an integral part of their management system will be able to protect themselves properly against digital threats.”