A new report from the Capgemini Research Institute finds that 51 per cent of industrial organisations believe that the number of cyberattacks on smart factories is likely to increase over the next 12 months.
Yet nearly half (47 per cent) of manufacturers say cybersecurity in their smart factories is not a C-level concern. According to the Capgemini report, Smart & Secure: Why smart factories need to prioritise cybersecurity, few manufacturers have mature practices across the critical pillars of cybersecurity.
The connected nature of smart factories is exponentially increasing the risks of attacks in the Intelligent Industry era.
Around 53 per cent of organisations including 60 per cent of heavy industry and 56 per cent of pharma and life sciences, firms agree that most future cyber threats will feature smart factories as their primary targets.
However, a high level of awareness doesn’t automatically translate to business preparedness. A lack of C-suite focus, limited budget, and human factors are noted as the top cybersecurity challenges for manufacturers to overcome.
“The benefits of digital transformation make manufacturers want to invest heavily in smart factories, but efforts could be undone in the blink of an eye if cybersecurity is not baked-in from the offset.
The increased attack surface area and a number of operational technology (OT) and Industrial Internet of Things (IIOT) devices make smart factories a prominent target for cybercriminals. Unless this is made a board-level priority, it will be difficult for organisations to overcome these challenges, educate their employees and vendors, and streamline communication between cybersecurity teams and the C-suite,” said Geert van der Linden, Cybersecurity Business Lead, Capgemini.
Challenges faced by Organisations
The research found that, for many organisations, cybersecurity is not a major design factor; only 51 per cent build cybersecurity practices in their smart factories by default. Unlike IT platforms, all organisations may not be able to scan machines at a smart factory during operational uptime.
The report further added that system-level visibility of IIOT and OT devices is essential to detect when they have been compromised; 77 per cent are concerned about the regular use of non-standard smart factory processes to repair or update OT/IIOT systems.
This challenge partly originates from the low availability of the correct tools and processes, however, a significant share of organisations (51 per cent), said that smart factory cyberthreats primarily originate from their partner and vendor networks. Since 2019, 28 per cent noted a 20 per cent increase in employees or vendors bringing in infected devices, such as laptops and handheld devices, to install/patch smart-factory machinery.
People remain a top threat to cybersecurity
The report pointed out that when it comes to incidents, only a few of the organisations surveyed claimed that their cybersecurity teams have the required knowledge and skills to carry out urgent security patching without external support. One common cause for this widespread inadequacy is the lack of a cybersecurity leader to spearhead the required upskilling program.
When coupled with the scarcity of talent this becomes a significant challenge; 57 per cent of organisations say that the scarcity of smart factory cybersecurity talent is much more acute than that of IT cybersecurity talent.
Many organisations said that their cybersecurity analysts are overwhelmed by the vast array of OT and IIOT devices they must track to detect and prevent attempted intrusions. Moreover, cybersecurity executives said they will be unable to respond effectively to attacks in their smart factories and manufacturing locations.
A lack of collaboration between smart factory leaders and the Chief Security Officer is also an area of concern for more than half of the respondents. This inability to communicate hinders an organisations’ ability to detect cyber-attacks early leading to a higher level of damage.
Cybersecurity leaders take market advantage
The report found that “Cybersecurity Leaders” who deploy mature practices across the critical pillars of cybersecurity: awareness, preparedness, and implementation of cybersecurity in smart factories, outperform their peers in multiple aspects.
These include recognising attack patterns at their early stage of deployment (74 per cent) and reducing the impact of these attacks (72 per cent), compared to just 46 per cent and 41 per cent of other organisations respectively.