Manufacturing: Big Industry, Big Security Challenges

In this latest installment in our series of profiles on security and compliance issues and challenges in various industries, we take a look at the manufacturing sector.

This industry, particularly if we include consumer goods, presents a broad range of companies. And of course security threats can vary depending on what types of products a company makes.

But in general, companies that make goods and equipment are particularly prone to theft of information about how they produce things, especially for high-priced or high-demand items. Given the growth of business competition worldwide, manufacturers these days should expect to be the target of theft of trade secrets and intellectual property via corporate espionage.

For value-added resellers (VARs) and managed services providers (MSPs), the opportunities to assist clients in this sector are plentiful. For one thing, it’s a huge industry. For another, it has a host of information security concerns.

Companies in manufacturing are most likely to face security threats such as cyber espionage, denial of service and Web applications attacks, according to Verizon’s 2014 Data Breach Investigations Report, which looked at security threats in 20 different industries.

Manufacturing companies are specifically targeted for their intellectual property, technology and business processes, the Verizon report says.

Another recent study, “The Global State of Information Security Survey 2015,” a worldwide study by consulting from PwC and CIO and CSO magazines, provides some good indicators of the security threat landscape in the industry.

The study surveyed 9,700 business and technology executives worldwide from March to May 2014. When examined by industry, it shows that about three quarters of the industrial manufacturing companies said they detected security incidents over the past 12 months. About 20% said they detected 50 or more such incidents and 18% said they had between 10 and 49.

When asked to identify the likely source of security incidents, the largest percentage of manufacturers (36%) cited current employees. That was followed by former employees, competitors and hackers.

Manufacturing_intellectual_property_patents

The manufacturers in the survey said they were affected in a number of ways by the attacks, including having employee records compromised, having personally identifiable information about customers or partners compromised, loss or damage of internal records and theft of soft intellectual property such as processes and institutional knowledge.

Manufacturers have unique security issues to deal with as they move toward increased automation.

“[the topic of network security] is becoming increasingly relevant in industrial plants. Factor in emerging trends in the business [such as bring-your-own-device (BYOD) and the Internet of Things (IoT)] and the touch points for potential security threats are increasing at exponential rates.”

Aberdeen, “Ensuring the Security of Industrial Networks in an Insecure World”

Industrial network security should be of major concern for manufacturers due to the convergence between IT and automation networks, the Aberdeen report says. One area of industrial plants that’s nearly always overlooked for security threats is legacy equipment, the firm says. “Security issues must not only be addressed at the enterprise level, but also addressed in industrial automation systems and field level devices.”

One of the better known attacks to affect the industrial manufacturing sector in recent years was the Stuxnet computer worm, which was discovered in 2010. Stuxnet was designed to attack industrial programmable logic controllers, which allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines. By exploiting zero-day vulnerabilities, the program aims at machines using the Microsoft Windows operating system and networks.

The emerging IoT is drawing lots of attention these days, and it certainly presents potential security risks for manufacturers. With the IoT, an enormous number of corporate assets and end products will be linked via networks to provide a steady flow of data about where the objects are located and how they are being used, among other things.

Many manufacturers are already creating IoT strategies or implementing related technologies, for applications such as remote asset tracking, fleet management, energy data management and heavy equipment performance monitoring.

With IoT, manufacturers will not only be making and selling products, they will be offering lots of new services to provide customers with information about those products and how they’re being used.

Companies will need to address challenges such as ensuring data privacy and security, to safeguard customer information as well as meet regulatory compliance requirements. That includes security networks as well as sensors and other technologies used to track and monitor products and machines.

With this burgeoning market for manufacturers comes a great opportunity for VARs and MSPs to ensure that clients are doing all they can to secure their systems and data.