153537445 | Djbobus | Dreamstime
661fdf42767146001e3e8c7d Dreamstime M 153537445

Navigating red-alert security challenges in manufacturing

April 22, 2024
Cyber threats have evolved into a formidable adversary, targeting the factory floor with relentless precision.

Manufacturing executives stand at the forefront of an industry driven by relentless innovation and technological advancement. Yet, amid the exhilarating pace of progress, a looming shadow threatens to undermine these efforts—cybersecurity threats.

The recent Kiteworks' 2023 Sensitive Content Communications Privacy and Compliance Report paints a stark picture: Manufacturing is under siege from escalating cyber threats, requiring urgent action to fortify digital defenses and safeguard the very essence of innovation.

Cyber threats have evolved into a formidable adversary, targeting manufacturing companies with relentless precision. The Kiteworks report's findings reveal a sobering truth—the average cost of a data breach in manufacturing surged by 5.4% from 2021 to 2022, reaching a staggering $4.47 million.

See also: Maximum security? How multifactor authentication is being defeated

This financial toll, coupled with the primary targets of cyberattacks being personally identifiable information (PII) in 60% of cases and the prevalence of denial of service (DoS) objectives in nearly two-thirds of incidents, underscores the urgent need for robust risk-management strategies.

One of the prominent challenges highlighted in the report is the proliferation of disparate tools used for sensitive content communications within manufacturing companies.

An astounding 85% of manufacturers rely on five or more tools, leading to a fragmented landscape that hampers compliance and security management. This complexity not only poses operational hurdles but also inflates expenses, with significant investments directed toward communication tools.

Manufacturers also face substantial risks associated with third-party content communication channels, with nearly two-thirds utilizing six or more systems for managing, controlling, and securing content communications with external entities. File sharing and mobile application communication emerge as particularly risky channels, demanding immediate attention and robust mitigation strategies.

Immediate action agenda: Best practices for cyber resilience

In response to these pressing challenges, a proactive and comprehensive approach to cybersecurity is paramount. Here are five urgent action steps that manufacturing executives must prioritize:

  1. Conduct cybersecurity assessments: Initiate comprehensive audits and risk assessments to develop targeted cybersecurity strategies promptly. Identify vulnerabilities and prioritize mitigation efforts based on risk exposure.
  2. Implement multifactor authentication: Strengthen authentication processes with MFA for accessing sensitive systems and data immediately. This additional layer of security significantly reduces the risk of unauthorized access.
  3. Establish incident response plans: Develop and deploy incident response plans urgently to swiftly address and mitigate cyber threats. A well-defined response strategy minimizes the impact of breaches and ensures swift recovery.
  4. Educate and train employees: Conduct regular and immediate cybersecurity training and awareness programs for all employees. Empower your workforce to recognize and respond effectively to cyber threats, particularly phishing scams and social engineering attacks.
  5. Enhance supply chain security: Collaborate with supply chain partners urgently to implement robust cybersecurity measures. Strengthening the cybersecurity posture across the entire supply chain ecosystem is crucial for mitigating risks and ensuring resilience.

These action steps can strengthen your organization's resilience against data security threats, enhance your regulatory compliance posture, and unlock new levels of efficiency and innovation in your manufacturing processes.

Addressing data protection, compliance, and efficiency challenges

The manufacturing industry confronts multifaceted challenges daily. To navigate the complex landscape of data protection, compliance issues, and efficiency dilemmas, here are three immediate actions manufacturers should consider implementing:

Implement robust data security measures: Manufacturers have embraced the concept of digital transformation, which has yielded advances in efficiency, accuracy, and profitability. But as this transformation continues, manufacturers also face greater dependency on sensitive data and its secure transmission. To ensure data security, manufacturers should:

  • Conduct a comprehensive assessment of current data security protocols to identify vulnerabilities and risks.
  • Invest in advanced cybersecurity technologies such as encryption, intrusion detection systems, and data loss prevention tools to fortify data protection.
  • Enforce strict access controls, authentication measures, and continuous employee training programs to prevent unauthorized access and data breaches.
  • Develop and update data security policies and procedures regularly to align with industry standards and regulatory requirements.

Enhance regulatory compliance practices: The growth of the manufacturing industry has also been accompanied by a more complex regulatory environment, and in particular, as manufacturing technology becomes more sophisticated, so too are regulatory standards and compliance requirements for data security and data protection.

See also: Inside the Rockwell, Church & Dwight OT cybersecurity team-up

Compliance is especially intricate for manufacturers with a global footprint who may have to adhere to regulations across multiple jurisdictions. To ensure compliance, they will need to:

  • Establish a dedicated compliance team or designate compliance officers within the organization to oversee regulatory requirements.
  • Conduct regular audits and assessments to monitor compliance with international standards, data protection laws, and industry-specific regulations.
  • Stay abreast of evolving regulatory frameworks and proactively implement necessary changes to ensure ongoing compliance.
  • Foster collaboration with legal advisors, industry associations, and regulatory authorities to gain insights into best practices and emerging compliance challenges.

Optimize data management strategies: As manufacturers become more digitized and reliant on big data for everything from the shop floor to the global supply chain, management of that vast quantity of data may become a challenge as companies leverage increasingly sophisticated tools to glean insights and value from the information being collected.

Replay: Taming data and no-nonsense ways to drive your digital transformation

To optimize data management, companies must:

  • Embrace advanced data analytics tools and platforms to process and analyze vast data generated by manufacturing processes effectively.
  • Develop robust data governance frameworks to ensure data quality, integrity, and consistency across your organization.
  • Leverage predictive analytics and machine learning algorithms to extract valuable insights that can enhance operational efficiency and decision-making.
  • Collaborate with technology partners and data management experts to design tailored data management solutions that align with your manufacturing operation’s unique needs.

By taking these immediate actions, you can proactively address data protection risks, strengthen your regulatory compliance posture, and optimize efficiency in your manufacturing processes. This strategic approach will not only safeguard your organization's reputation and data integrity but also position it for sustainable growth and innovation in an increasingly complex and interconnected business environment.

About the Author

Frank Balonis

Frank Balonis is chief information security officer and senior VP of operations and support at Kiteworks, with more than 20 years of experience in IT support and services. Since joining Kiteworks in 2003, Balonis has overseen technical support, customer success, corporate IT, security, and compliance, collaborating with product and engineering teams. He holds a Certified Information Systems Security Professional (CISSP) certification and served in the U.S. Navy.