Survey: Manufacturers to implement new cybersecurity solutions in 2021

A recent survey of Manufacturing AUTOMATION’s readership showed that manufacturers are considering implementing a wide range of cybersecurity solutions over the next 12 months.

The informal questionnaire, which was sponsored by Fortinet as part of our Cybersecurity Week in October, collected responses over a period of seven weeks from OEMs, Tier 1, 2 and 3 manufacturers and suppliers, and systems integrators.

Top concerns

When asked about their top concerns when it comes to securing their manufacturing environment, 47 per cent of respondents cited loss of business-critical data, such as finance, HR, production data, etc.

Other primary concerns were operational outages impacting revenue (20 per cent), loss of intellectual property (13 per cent), and operational outages impacting productivity (six per cent) or safety (six per cent).

“These top concerns from OT clients are absolutely in line with what is top of mind in securing the manufacturing/plant environment,” says Rick Peters, Fortinet’s chief information security officer, operational technology North America. “In fact, you could argue that these concerns complement the top priority for OT systems from a security perspective, which, of course, is ‘safe and continuous operations.’

“Operational down time for OT manufacturing translates into rapid escalation in revenue loss based on the size and scope of the operation. Running a very close second is controlling corporate intellectual property, as that data could be viewed as the ‘crown jewels’ of the business.”

When it came to the type of cybersecurity attack they’re most concerned about, survey respondents cited ransomware (77 per cent), phishing (69 per cent), malware (61 per cent), spyware (38 per cent), well-intentioned but careless insider breaches (31 per cent) and mobile security breaches (eight per cent).

Who’s responsible?

They also said there are a range of job titles responsible for compliance with cybersecurity standards in their organizations, suggesting that cybersecurity is not always handled by a dedicated person or team, or a centralized approach.

Forty-six per cent of respondents said their CEO manages cybersecurity initiatives, 23 per cent said operations/manufacturing teams, and another 23 per cent said heads of finance. Thirty-nine per cent of respondents said they have a chief information officer (CIO) to look after cybersecurity matters.

“To gain appropriate, timely and accurate cybersecurity intelligence, it is best to turn to the true subject matter experts,” says Peters.

“If the OT security solution is robust and ecosystem-based like Fortinet’s Security Fabric, you can rely on a well-structured team of analysts that focus on sustained situational awareness and structured reporting that is automatically disseminated for true automated awareness.

“FortiGuard Labs in an excellent example of such a service, as they deliver domain expertise for both IT and OT (industrial security services and fluency). There are alternatives for education, however, and a great number of trusted and reliable cybersecurity news sources are dependable.”

Peters suggests checking industry-specific cybersecurity magazines and blogs for information on trends and advancements.

Implementing countermeasures

Survey respondents say they are considering implementing some cyberattack countermeasures over the next six-12 months, including:

• Changing passwords frequently (69 per cent)
• More employee training (54 per cent)
• Limiting employee access to data (46 per cent)
• Installing anti-virus or anti-spy software (31 per cent)
• Investing in cyberinsurance (23 per cent)
• Hiring an in-house cybersecurity expert (23 per cent)
• Segmenting networks (15 per cent)
• Hiring an outside specialist to perform threat detection and monitoring (15 per cent)
• Allocating more resources to IT (15 per cent)

Peters suggests that businesses examine where their current maturity level is when it comes to cybersecurity in order to determine which countermeasures will be most appropriate.

“One must start with visibility, as the connectivity or ‘convergence’ of IT and OT require that a complete inventory of assets is captured and that the earned trust for each and every enabled asset is absolute,” Peters says.

He says multi-factor authentication (MFA) is one way to ensure controlled access. Another is segmentation via NGFW (next-generation firewall).

“NGFW within the converged IT/OT enterprise establishes zones of control such that the impact of an adversary can be contained while quarantine, code analysis, reporting and restoration are accomplished at the speed of business,” he says.

“Automated situational awareness that is underpinned by an ecosystem empowered with actionable intelligence is vital to defending the enterprise from the ‘inside-out.’

“This more proactive approach to cybersecurity assumes that a system will be compromised at some point in time and equips the OT system owner with a strategy designed to stay one step ahead of anyone seeking to disrupt operations or steal intellectual property.”

For more resources, white papers and articles about cybersecurity, click here to access our Cybersecurity Week content.