Manufacturing and cybersecurity: Best practices for secure systems

The interconnectivity of the Industrial Internet of Things (IIoT) is formidable. So many components seamlessly working together produce a bounty of positive outcomes for a company. Making better business decisions, uncovering inefficiencies and being proactive in mitigating risk are just a few of the benefits it brings.

Like all developments in technology, the benefits need to be factored in with potential risks. In this case, endpoints can be potential gateways for breaches.

We know that as the industry shifts to greater technology adoption and connectivity, coupled with the increase in remote work in 2020, there are cyber security risks that need to be managed.

In 2020, cyber attacks in manufacturing accounted for more than 30% of all incidents (Source: PMMI). During the same period, Australian manufacturing businesses accounted for 13 per cent of all known attacks.

A few years ago, the Financial Times pointed out that industries such as oil and gas benefit from streamlined operations thanks to remote monitoring. For example, the ability to monitor and alter well pressure, temperature and flow extraction rates remotely can maximise production and profitability. 

Manufacturers manage a number of unpredictable and hazardous components. When the systems fall down, it’s not just profits that are at risk; there are other flow-on impacts. It’s a big remit to manage risk, but when a cyber attack could mean that unknown parties have the power to control pipelines, shut down operations and release sensitive business information, it’s critical to safeguard your business.

However, the news isn’t all doom and gloom. Mature cybersecurity protocol is about being vigilant, cautious and collaborative with other departments within your organisation and within the wider industry. Here are some best practices you can undertake to reduce the threat of attack.

Create an internal cybersecurity framework

The Harvard Business Review (HBR) recommends that the most significant action you can take is to create a rigorous internal guideline for cybersecurity. Contrary to popular belief, the majority of breaches occur because of faulty internal practices. HBR says that one of the most common ways that systems are threatened is with infected USBs. They state, ‘the best way to get into an unprepared company is to sprinkle infected USB sticks with the company’s logo around the car park.’

It seems unbelievable that your company’s assets could be compromised with such an action, yet the numbers support it.

When the pandemic forced workers to rely on remote access and home technology, the risk of an internal breach increased further. As the Financial Times puts it, the ‘attack surface’ is greater, especially when it’s reported that one in four employees share or store sensitive information in unsanctioned applications.

A report commissioned by Intel discovered that ‘internal actors were responsible for 43% of data loss, half of which is intentional, half accidental.’ Therefore, organizations cannot take for granted that their employees are adhering to best practices. It is imperative that the senior team of an organization work together to create a comprehensive cybersecurity plan.

The plan should include:

Education for staff and management

Whether it’s a guidebook or training, your entire organization should be made aware of the common scams that allow hackers entry, such as phishing, scam phone calls and emails. HBR recommends hiring an external cybersecurity team to test your staff.

A best practice checklist

This education should culminate in best practice literature. It should be a rolling document and its purpose should be to continually make staff aware of new developments in cybersecurity, as well as making your staff responsible for their actions. If they are clear on what safe and appropriate practices are (and are held to account for those practices) then they will be much more alert to potential threats.

Screening processes for potential employees

HBR suggests that manufacturing companies should make criminal background checks a priority when looking to employ a potential candidate. They also suggest subtly putting in questions that ascertain a candidate’s ‘moral compass’ and thoroughly checking for gaps or inconsistencies in their resumes. It’s also good to check a candidate’s knowledge of cybersecurity practices.

A thorough subcontractor screening process

Security Affairs describes subcontractors as the weakest link in the security chain and claims that the manufacturing industry is particularly susceptible to this form of attack. Interestingly, the report states that while these businesses are stringent with internal security practices, they don’t hold their subcontractors to the same rigorous standards. When hiring a contractor, it is crucial that they have a demonstrable culture and commitment to security practices. This needs to be supplemented by regular auditing.

Be proactive and collaborate

Work with others in the manufacturing industry and the wider tech space to come up with solutions to the proliferation of cybersecurity attacks. We are all against threats that can wield untold power, so it’s in our interests to work together to make sure that hackers aren’t winning the war.

Given how exciting the potential of IoT technology could be, we want to make sure that we are deriving value from it, and the best way to do that is to be curious, proactive and collaborative.

If you would like to know more about how you can make the most of the Internet of Things, you need to check out our guide to Driving operational efficiencies through real-time data.


This blog has been recently updated from the original article (published in 2017).
