Despite ever increasing investment in cyber security, there is a feeling amongst IT leaders in the manufacturing sector that cyber attackers are ahead in the game. What’s keeping them awake at night and how can they turn the tables?
The recent global IT outage was a wake-up call for businesses across every sector. Cyber security and resilience, which have been moving steadily up the priority list for many years, are now firmly in the spotlight.
In a recent survey of IT leaders across all sectors, it was found that 73% of manufacturers had increased their spending on cyber security over the past 12 months. Nearly a quarter (23%) said they had increased spending ‘significantly’. So why then, do a majority of manufacturers feel less secure than they did last year?
Know thy attack surface
The impact of even a relatively minor attack can be severe, and long-lasting. This includes not just the financial cost and the disruption to business operations. With system outages and denial of service attacks now a regular feature of the daily news cycle, customers are hyper-alert to the security of their data and their systems and will take their business elsewhere if they don’t feel secure.
As the nature of cyber-crime becomes ever more advanced and insidious, it’s vital for manufacturers to stay one step ahead of attackers. To prevent cyber attackers exploiting weaknesses in your business, you must first know where these lie, in order to eliminate them.
If you want to prevent burglars from breaking into your home, a good place to start is ensuring all your doors and windows are securely locked. The cyber world is not so different.
60% of the IT and security leaders we surveyed believe their attack surface (i.e. the range of entry points for unauthorised access to a company’s systems) is now ‘impossible to control’.
When looking at the specific threats keeping teams awake at night, being hit by a malware, ransomware or phishing attack that halts their ability to operate as a business was the number one concern. This is perhaps unsurprising given global supply chains are still sensitive to any slight issue or delay and have been since the Covid-19 pandemic.
Patching and updates – test before release
For 87% of the respondents we surveyed, patching and rewriting vulnerable applications was cited as one of their top five concerns. As the requirement for regular patching increases, companies must ensure they have the right people with the right skills to apply patches swiftly and correctly. Missing out on just one patch or software update or applying it incorrectly, could prove disastrous for your business and your customers.
Manufacturers must however, be able to depend upon the patches and updates they receive and this means that software suppliers must ensure they are fully tested before release. As we saw last month, the consequences of not doing so can be hugely disruptive. In practice, it can be hard to test against every scenario and system your customers may deploy your code to. For software suppliers, techniques such as canary releases or rolling deployments can help identify any issues before release.
The AI dimension
While many of the challenges raised by IT leaders across the manufacturing sector will be familiar territory, the way attacks are conducted and the ease at which they can be monetised has significantly evolved in recent years.
This might be about to get a whole lot easier in the age of AI. While the technology presents vital opportunities to strengthen cyber defences, cyber criminals are also studying it closely to understand how they can exploit it to their own advantage. There is growing evidence that attackers are leveraging GenAI to enhance their efficiency, craft more sophisticated malware, and develop increasingly convincing phishing schemes.
This technological advancement has dramatically lowered the barrier to entry for would-be cyber criminals, allowing those with rudimentary technical skills to launch complex and sophisticated attacks. It’s unsurprising, therefore, that 82% of IT leaders in manufacturing think GenAI is going to change the game when it comes to cyberattacks, and they do not feel prepared for it.
Fighting fire with fire
Despite some well publicised nefarious use cases, GenAI and cloud technologies can help IT and security teams to turn the tables on cyber attackers. To maintain the upper hand, teams must stay on top of the latest developments, fighting fire with fire.
GenAI can be employed to enhance threat detection, automate response processes, and even predict potential vulnerabilities before they can be exploited. For manufacturing to prevent production from grinding to a halt, which delays order fulfilment and impacts workforces, such predictive technology seamlessly integrated into operations – and hosted in the cloud – makes business sense.
Of course, no manufacturer has limitless funds for cybersecurity, but this type of continuous monitoring is the next frontier for a ‘secure by design’ approach. Not only will it put attackers on the back foot, but it also ensures manufacturing’s IT teams have stronger guardrails and are firmly back in control of successfully rebuilding their own defences.
Ed Russell is CISO Business Manager at Appsbroker CTS, Europe’s largest Google Cloud technology partner.
Download the full report: Tipping the cyber scales: How defenders can get back in the game
For more articles like this, visit our Leadership channel.