Growing Cyber Risk In Manufacturing Industries
From ransomware to cyberwarfare attacks, the digital landscape is a dangerous and unpredictable one, and manufacturing industries need to be doing more than ever to prepare.
Cybercrime is not slowing down – are your operations sufficiently protected?
What’s happening?
On 27th June 2017, computer screens around the world were greeted with the unwelcome sight of black and an impertinent demand of bitcoin payment to de-encrypt their files.
The text, however, was a decoy. There was no saving these systems. NotPetya, allegedly developed and released by the Russian government and targeted overwhelmingly at Ukrainian businesses, was purely destructive in its intent. Afflicting industries as diverse as shipping, utilities, and manufacturing, the attack wrought around $10 billion in damages.
While not all cyber-attackers are as well-resourced or as malicious as the NotPetya attackers, the attack illustrated one thing – we had moved into a new era of large-scale cyber-attacks. Manufacturing industries – who are themselves becoming increasingly digital – need to sit up and take notice.
“Cyber-crime has been increasing tremendously,” says Florence Verzelen, Executive Vice President, Industry, Marketing, and Sustainability at Dassault Systèmes. “In the coming decades, cyber wars are going to be every bit as important as real wars. Cybersecurity has a strategic importance that it never had before.”
The risk is also broadly dispersed. “All companies dealing with mission-critical infrastructure, or who own critical intellectual property that could impact a country's sovereignty are primary targets for a cyber espionage attack,” says Stephane Sireau, Vice President, High Tech Industry at Dassault Systèmes.
Curious about how other manufacturing industries respond?
Respond to today's challenges with our bespoke solutions
Why does it matter?
Businesses are all too aware of the risks. In PwC’s 2023 Global Digital Trust Insights survey, in which manufacturing and industry respondents were the most represented group, 42% of those surveyed said that they had experienced a cyber breach since 2020. One in ten reported that breaches had cost them $10 million or more. Of course, most cyber-attacks are not like NotPetya. They do not aim, primarily, to cause damage for its own sake, but to steal or extort.
“The number of intellectual property leaks and ransomware attacks are growing and are of major concern for most industrial companies,” says Sireau. “This risk is reinforced by the geopolitical context and lack of certain security technologies over the globe.”
In some ways, cyber risk is being exacerbated by a fragmentary regulatory landscape. “What's probably going to become more and more important is the fact that we don't have real regulation between different entities,” says Florence Verzelen. “Between US and Europe, for example, there are few effective cybersecurity standards. That means a substantial digital threat.”
And in any case, many business leaders confess that they are uncertain of accommodating these changes to regulatory frameworks. According to the PwC survey, only 9% of respondents reported that they felt confident that they were able to effectively meet all disclosure requirements.
How can I prepare?
The good news is that companies today are more aware of cyber risk, more aware of the vectors of approach, and better equipped to deal with cyber-attacks when they do happen.
But what causes cyber risk? And how can cyber risk be controlled? In general, cyber risk management can be broken down into five main themes:
1. The recognition that your employees are key actors in cybersecurity risk
2. The growing adoption of specialized software, such as intrusion detections systems (IDS), that can detect cyberattack patterns or anomalies
3. Using a Model-Based Systems Engineering (MBSE) approach to develop a single holistic view of your cyber physical systems and the potential vulnerabilities
4. The emergence of private networks to provide secure and dedicated infrastructure to support mission-critical activities
5. The adoption of cloud technologies that offer greater security than on-premise company IT infrastructure
With the right cybersecurity risk assessment, and armed with the right cybersecurity services, manufacturing businesses can feel more confident of meeting cyber risks head-on, and leveraging data tools can help enable this.
One of the most powerful ways to enable cyber readiness is through the development and deployment of digital twin solutions. As Sophie Proust, Industry Market Intelligence Director at Dassault Systèmes states, “If you have a digital twin of your cyber network, you can experiment with scenarios that would be damaging in real life. Digital twins allow you to detect failure more easily and run virtual patches to explore how to effectively react to different cyber incidents, and mange things like cloud security.”
Manufacturing cybersecurity will never cease as a priority. As the data revolution continues, and industries become more connected, risks will proliferate – consider the implications of IoT security alone. And just as our preparedness evolves, so will the threat landscape. However, companies who can establish a full understanding of their network, and develop agile and resilient systems, can stay one step ahead.
Cyberattacks have been increasing tremendously. In the coming decades, cyber wars are going to be as important as real wars. Cybersecurity has a strategic importance that it never had before.
