Is Cybersecurity the Biggest Challenge for Industrial Machinery and Equipment Companies in 2021?
Industrial machinery and equipment will be at the forefront of some of the most important global manufacturing trends of the coming 10 years, including electrification of mobility (encompassing traditional sectors like automotive and new technologies such as drones), the transition to clean energy, green fuels production, and more.
All the same, daunting challenges confront companies in this sector. Responding to the continued financial and operational stresses of the COVID-19 pandemic will require management teams to be bold and skilful in equal measure. Leaders are under pressure to accelerate the pace of innovation or face irrelevance. But maintaining a robust security posture while this innovation happens has never been more important.
Industrials companies are at the centre of a web of different cyber risks: basic malware protection and email security software barely scratches the surface. As the Internet of Things (IoT) becomes more and more prevalent in industrial settings, the number of devices that can potentially be hacked is growing all the time. In 2020, malware targeting IoT devices increased by 50% compared to the prior year. Remote system maintenance enabled by digital twins is also expanding the potential attack surface for criminals.
Meanwhile, nation-state and corporate cyber-espionage was highlighted as a primary concern in Verizon’s latest Data Breach Investigations Report. Remember: when machinery is compromised, data and systems security is only part of the picture. The physical health of people is directly put at risk.
We believe that machinery and equipment specialists assessing market opportunities must focus on four key cybersecurity pillars to support continued innovation.
Systems are only as secure as their weakest link.
IT and OT (Operational Technology) systems are too often treated as separate entities. More and more, attackers focus on disrupting critical systems, and advanced ransomware attacks can move rapidly from system to system. To mitigate the risk of a successful attack crippling production, businesses must adopt a holistic view of all key systems and security technologies. Manufacturing companies are only as secure as their weakest Industrial Control System or older piece of equipment.
Position cybersecurity on the board agenda.
Cybersecurity is business security. Cyberattacks can have disastrous financial, legal and reputational consequences, meaning any industrial board of directors not actively discussing cybersecurity risks falling behind the curve. Key cyber stakeholders should at least have a direct report to a board-level role such as CEO, CFO or chief risk officer.
Embed cybersecurity through product lifecycles.
Management teams should always seek to secure the internal operations that ‘keep the lights on’ first. But the most effective cybersecurity postures for industrials companies should go further, taking account of the increasing number of threat vectors affecting machinery and equipment (both software and hardware). This can only be achieved with a granular view of how cybersecurity solutions and processes specifically impact each product or service, and in turn this means cybersecurity should be a factor in the earliest product architecture discussions, right through to incorporating into product or service launches and marketing.
When executed well, robust cybersecurity delivers results right through the value chain. Ignoring this risks putting systems and data at risk, as well as potentially damaging customer relationships.
Position cybersecurity as a core competitive advantage.
Too many companies, particularly small- and mid-cap, still view cybersecurity as a tick-box exercise and something to be left to IT. Boards may hope that implementing a few basic solutions will prevent uncomfortable challenges from potential customers and partners. This is no longer enough to maintain a market-leading position in industrials. On the positive side? The companies that do take a proactive approach to cybersecurity have an opportunity to leverage these capabilities with customers, who increasingly see cyber risk mitigation as a deal-breaker.
Although many industrials companies are aware of the need to secure machinery and systems, management teams may not be sure which steps to prioritise. When scoping cyber preparedness, it is sensible to work alongside sector-specialist partners to define an appropriate end-state system architecture. Once a system is up and running, penetration testing and ‘white hat’ hackers can evaluate the level of protection over software and hardware assets. Companies can go further in creating dedicated units that consult with engineers and R&D specialists as products and services are developed, acting as a facilitator of quality control and cyber competence.
As IoT and Industry 4.0 become the norm in industrials settings, companies will be exposed to more and more potential vulnerabilities. By understanding cybersecurity’s role as a core value-add for all products and services, and by appreciating the upside in articulating the benefits of a strong cyber position to partners, companies can alleviate risks and increase their chances of competitive success.