Why smart factory leaders need to prioritize cybersecurity

Are leaders prepared?

When sands shift beneath our feet, it’s impossible not to notice. Likewise, organizations across the world recognize the importance of securing their manufacturing operations against a cyberattack because it is happening all the time. Within the last 12 months, 73% of organizations said they had suffered an attack, so it is no surprise that an overwhelming majority (80%) of organizations agree that cybersecurity is a critical component of a smart factory which involves higher security risks than a traditional factory.

Yet, heightened awareness does not translate to preparedness on an organizational level and in general, most are not enough prepared in terms of governance, protection, detection, and resilience. There are many reasons for this, but it’s clear that the sheer scale of IIOT and OT devices that they must track to discover breaches is overwhelming.

To illustrate the scale of the problem, our research found that only a subset of organizations have established mature cybersecurity practices.

Those with mature practices enjoy significant benefits: they can respond effectively, mitigate threats early on and protect themselves, and identify and detect patterns far easier. The benefits are clear, so what’s preventing the pool of prepared businesses from getting bigger?

Identifying the challenges

The challenges for securing smart factories are interconnected and unfortunately, all too familiar.

Firstly, there’s the people problem. As the only unpatchable piece of the security framework, hackers know that people are the most vulnerable entry point and so will expect and seize on mistakes. As a first line of defence, employees must be aware of the early-warning signs of a potential attack to allow for a quick response. It is troubling that not all organizations say their smart-factory employees are trained to deal with the impact of attacks through connected machinery. Not that this is all the fault of the factory leader: the global shortage of cybersecurity professionals is more acute in the smart-factory specialism, with 57% of organizations reporting difficulties hiring, exacerbating the issue to new extremes.

Then there’s the lack of collaboration between cybersecurity teams and the C-suite. Smart-factory cybersecurity is often evaluated at plant or regional level and so does not receive the board-level priority accorded other functions in the organization. The disconnect between smart-factory leaders and C-suites is problematic because it affects everything from budget allocation to how quickly organizations respond to an attack. Getting to grips with the latter is essential as many organizations report that delays in discovery leads to more severe losses down the line. Again, the skills shortage means that many lack the cybersecurity leaders to spearhead the required response. But training experts who can oversee the implementation of comprehensive Industry 4.0 security measures is nevertheless vital – and investment in this area will not be wasted.

Less familiar is the issue of “shadow IT”. This is the trend of workers using discrete IT systems to bypass shortcomings of the central IT system. This has become more common over the pandemic as more partner and vendor networks are brought in to resolve issues. While decentralized defense software will be effective if selected well, misconfiguration will only multiply the entry points for attackers. Over 50% report that smart-factory cyberthreats primarily originate from partner and vendor networks, so this is clearly an issue. But again, it loops around to the people problem with not many of the organizations claiming that their cybersecurity teams (employees / on-site contractors) have the required knowledge and skills to carry out urgent security patching without external support.

Smart factory security

The vast majority of cybersecurity leaders with robust security report being able to respond quickly (80%) and recognize known attack patterns at an early stage (74%). But for those unprepared it can be difficult to know what exactly a practical framework looks like.

We recommend the following steps to help organizations to be better prepared to prevent and mitigate cyberattacks:

• Perform an initial cybersecurity assessment of the whole organization
• Build awareness of smart-factory cyberthreats across the organization
• Identify risk ownership for cyberattacks in smart factories
• Establish a framework that monitors and facilitates smart-factory cybersecurity
• Embed cybersecurity practices tailored to the smart-factory environment
• Establish strong governance structures with rigorous oversight measures

Discover the Capgemini solutions to secure your smart factory here

There is no doubt that smart factories are the way forward for manufacturing. Intelligent Industry promises vast benefits and unlimited possibilities, powered by new and emerging technologies. But organizations have also to acknowledge that their business interests are at jeopardy without securing the surface area that increased digitization creates.

Our research reveals that many are well aware of this, but that they must now act and prepare for the threat. Industry 4.0 is exciting, but organizations must adapt to survive to realize its true potential.

Learn more of the findings in report: ‘Smart & Secure: Why smart factories need to prioritize cybersecurity’