Staying Secure in the IIoT Patchwork

July 10, 2019
Have a consistent plan in place and follow it with the help of these three steps.

In many ways, manufacturing is one of the industries that's most likely to benefit from automation. Increased competition — both domestic and international — is pushing manufacturers to lean on technologies that optimize production and eliminate redundancies.

Unfortunately, many IoT devices are still in their infancy. These devices seldom receive routine security updates — including system patches — leaving them vulnerable to cyberattacks. If a single IoT device is compromised, it can put an entire manufacturer's network and data at risk. From stolen intellectual property to lost client and employee data, the consequences can be costly in the short and long term.

Another prominent concern is the IT patchworking that can occur when companies purchase new technologies. Rather than carefully merge these assets and create a cohesive security infrastructure, some companies will maintain disparate systems or perform subpar integrations. As with unsecured IoT devices, misalignment creates a backdoor to sensitive content.

How to Maintain Security Standards Amid Change

In the macro sense, manufacturing companies looking to implement new technologies contend with two major issues: cybercriminals and budgetary constraints.

The former are the ultimate opportunists and have noticed intensifying pressure within the manufacturing world. Halted production comes at a high cost to manufacturing companies, which is why they are more likely to pay a ransom if cybercriminals target their supply chains.

With regard to budget, some manufacturing companies fail to allocate necessary funds to IT spend, whether in-house or outsourced. Without comprehensive security oversight, they remain vulnerable to any number of threats.

The following three steps can help manufacturers sidestep these concerns and maintain security standards while riding the Industry 4.0 wave:

  1. Evaluate every technology before purchase and implementation. Your initial assessment should account for factors such as ROI, in addition to the necessary steps for secure system integration. When gauging the ROI your organization will get from technology you're considering purchasing, take a holistic approach. If you're looking for the companywide benefits of these purchases, ensure they have concrete applications for your entire organization. Specific employees or departments might have specific needs, which will be important to take into consideration. Also assess any costs your organization might incur down the line as a result of necessary maintenance, upgrades, or repairs.

    Assess ROI, but also assess how ready your organization is for new technology. According to an Industry 4.0 survey by Deloitte, only 20% of chief experience officers surveyed said their companies were equipped to handle new business or delivery models; less than 15% said their companies were ready to embrace smart and autonomous devices. Always know how much time, professional assistance, and planning needs to be in place to ensure your IT infrastructure does not get compromised. 

    Prior to integration, ensure your network and user end points are secure, updated, and patched. It is also important to educate your employees throughout the integration process so they are familiar with the secure use of new resources before those resources are actually implemented.
  2. Create a culture that supports Industry 4.0. Employee buy-in makes or breaks every digital transformation, so take steps now to support employees at all levels of your business. According to McKinsey & Co., companies where senior executives regularly communicate with all employees are eight times more likely to adopt new technologies. Educate your employees about the tangible benefits they will experience as a result of these changes, and find ways to solicit their input throughout the process.

    In-person training sessions that feature slides, instructional videos, and demonstrations are effective in creating community buy-in around cybersecurity. By incorporating different mediums (videos, print materials, etc.), you increase the likelihood of retention and engage different types of learning. There is also something to be said for meeting with people and departments in person so they can engage in group discussions, receive answers to questions in real time, and talk to experts outside of their departments.
  3. Update your security and recovery plans to reflect the latest changes. A report from Kaspersky Lab found that manufacturing was the most susceptible industry to cyberthreats in the first half of 2017. The report indicates that manufacturing companies accounted for nearly one-third of all attacks during that time frame.

    Security and recovery plans are essential in the event of an emergency, but they can also inform everyday processes around available technologies. In writing these plans, manufacturers have an opportunity to determine employee access controls and establish a clear line of communication between employees in IT and other departments.

    These security and recovery plans should be updated on a regular basis. Many companies perform these updates annually, though, and factor in rates of resource adoption and industry regulation. For some, it might be appropriate for these updates to be quarterly or biannually, but each organization should determine a plan with some sort of consistency. 

    The best practices continue to be vigilant monitoring and hardening of the company network, consistent reporting on cybersecurity threats, awareness of changing industry regulations, multifactor authentication, and clear policies regarding mobile device usage.

While there are plenty of challenges unique to the manufacturing industry, the fallout from a subpar security system should be at the fore. Security breaches can set off a chain reaction of downtime, lost productivity, and employee frustration.

There are also long-term ramifications: costly data and intellectual property recovery, reputation damage, legal consequences, and customer churn. Even without a security event, similar headaches can arise from misaligned or inoperable technologies. When resources fail to integrate or effectively communicate with one another, businesses can expect the same gridlock, lost productivity, and missed deadlines.

Michael Hadley is the CEO and president of iCorps Technologies, a leading-edge IT consulting, managed services, and cloud computing company. Michael founded iCorps in 1994 to deliver and support practical and cost-effective IT services and solutions that allow business leaders to focus on their core objectives.

About the Author

Michael Hadley | Chief Executive Officer/President

Michael Hadley is the CEO and president of iCorps Technologies, a leading-edge IT consulting, managed services, and cloud computing company. Michael founded iCorps in 1994 to deliver and support practical and cost-effective IT services and solutions that allow business leaders to focus on their core objectives.

Sponsored Recommendations

Free Webinar: ISO 45001 – A Commitment to Occupational Health, Safety & Personal Wellness

May 30, 2024
Secure a safer and more productive workplace using proven Management Systems ISO 45001 and ISO 45003.

ISO 45003 – Psychological Health and Safety at Work

May 30, 2024
ISO 45003 offers a comprehensive framework to expand your existing occupational health and safety program, helping you mitigate psychosocial risks and promote overall employee...

DH Pace, national door and dock provider, reduces TRIR and claims with EHS solution

May 29, 2024
Find out how DH Pace moved from paper/email/excel to an EHS platform, changing their culture. They reduced TRIR from 4.8 to 1.46 and improved their ability to bid on and win contracts...

Case Study: Improve TRIR from 4+ to 1 with EHS Solution and Safety Training

May 29, 2024
Safety training and EHS solutions improve TRIR for Complete Mechanical Services, leading to increased business. Moving incidents, training, and other EHS procedures into the digital...

Voice your opinion!

To join the conversation, and become an exclusive member of EHS Today, create an account today!