The stakes are already high for IT teams at manufacturing facilities, but the odds are heavily stacked against them when it comes to keeping their organizations safe from cyberattacks.
Manufacturers are attractive targets for cybercriminals, as breaking into their often-centralized systems and ceasing operations could yield a big payday. It’s for this reason industry has remained the most targeted for cyberattacks over the past three years, according to IBM, which found that a whopping 85% of incidents could have been mitigated with patching, multifactor authentication, or least-privilege principles.
See also: Manufacturing leads in cyberattacks for a third straight year, so what are some defenses?
Patching specifically poses huge headaches for IT teams, as there are only limited windows for machines to be updated without affecting the output of production facilities. Many manufacturers have 24/7 operations and may only take plants offline perhaps once a week or even once a month to perform maintenance. That leaves little room for IT teams—who may be using a manual solution such as Microsoft’s SCCM and Intune for vulnerability management—to roll out critical patches.
During these small maintenance windows, IT teams may have to install patches manually, meaning they have to research, download, test, configure, and then install each one, which is time-consuming.
By the time patches have made their way into facility computer systems, new patches may have already become available—leaving IT teams perpetually scrambling to get up to date and allowing software vulnerabilities that bad actors could exploit to remain.
How automated patching helps manufacturers stay safe
One solution to get manufacturer IT teams back on track is automated patch management solutions. These solutions allow organizations to determine how patching should be handled when a new patch is released.
See also: Optimizing your OT/IT cybersecurity strategy for an Industry 4.0 world
With these tools, IT administrators define up front what they want to happen when a specific type of patch is released, and it repeatedly uses that same process for each subsequent patch that meets those criteria. For example, these tools can determine which machines have certain pieces of software, like those from Adobe, and only roll out updates only to those machines.
So, how do these systems work? The patches themselves initially come from a cloud server set up by the solution provider. Scans are performed regularly to find the latest patches, check which machines need them, then deploy them to only those devices.
This process happens automatically according to the rules set up by IT administrators, freeing up IT personnel from the painstaking manual patching process while allowing patches to be rolled out quickly.
Automated patching holds unique benefits for the shop floor
A true boon to manufacturers is automated patching solutions’ ability to allow each production facility’s administrators to approve and schedule software updates according to their schedules.
IT departments can prepare update packages to be rolled out during a certain timeframe, but each onsite administrator will ultimately decide when these updates will be pushed to their machines (this too can be overridden in the case that a specific location takes too long to approve a roll out of the patches).
This alleviates the administrative work that IT groups have to do in order to target those machines at the proper times. The administrator of that plant can then ensure that the facility is ready for patches to be rolled out.
See also: Crucial role of cybersecurity protection for PLCs
Another benefit of automated patching systems is increased visibility for multiple parties. Manufacturers’ cybersecurity teams will have the ability to see what patches have been deployed to which system, making following up simpler, while reducing the need for constant updates from IT.
Finally, many of these systems allow patches to be rolled out in controlled environments to test whether there are complications before deploying the updates across more machines. If a bad patch does get deployed, some automated patching solutions allow IT teams to pause and roll back these problem updates, even on specific machines, and revert to a previous working version.
Automated patching ultimately saves manufacturers time and money
Today’s cybersecurity professionals are under a lot of pressure to protect their organizations—and their jobs. In no industry is this more apparent than manufacturing, where the risks of a cyberattack or a tech meltdown come with immediate, visceral consequences.
For any manufacturer, especially larger ones, closing a plant down for a day or two for maintenance could mean delaying the production of potentially millions of units. If an organization is breached and proprietary data or customer data is stolen, its reputation can be damaged, they may have to pay a ransom, its intellectual property could be at risk, and there could be indefinite production delays.
See also: Pair of new reports see glaring data, cybersecurity, content-sharing vulnerabilities
These are the often-expensive repercussions on the minds of IT teams as they set about deploying patches. Having the right tools can make a significant difference and ultimately save the organization money in the long run.
With their ability to schedule updates and send approval requests to the appropriate person, automated patching solutions improve manufacturers’ security footprints by giving security and IT teams more control and better visibility into the patching process. IT teams no longer have to play catchup to remediate all their vulnerabilities, meaning their organization is at less risk of getting breached.