CMN

Guest Columns

Perspective:
Industry Issues

Surviving the cyber pandemic

Bryan Griffen

Bryan Griffen is director of industry services for PMMI, the Association for Packaging and Processing Technologies. He is a guest columnist for this week’s issue of Cheese Market News®.

While the world turned its attention to the health and economic threats posed by COVID-19, hackers took advantage of production systems as a result of an increased number of remote workers and the need for remote access to equipment, according to the 2021 “Cybersecurity: Assess Your Risk” white paper from PMMI, The Association for Packaging and Processing Technologies.

In this column, I will provide insight into the risks for manufacturers and steps they can take to mitigate these risks.

• Increased risk of cybersecurity attacks for manufacturers

The challenges presented by COVID-19 have increased cybersecurity vulnerability and employee access for manufacturers. As remote work has become more commonplace due to the pandemic, manufacturers have struggled to set up viable remote working options for a larger number of employees. This creates significant challenges for manufacturers trying to improve their cybersecurity defenses as remote employees often use personal devices (laptops, desktops, phones, etc.) to access company networks. This is especially true of smaller businesses that do not have the resources to provide work devices to every remote employee. Many of these devices are less secure than company-provided devices, adding vulnerability. Many employees also use a VPN or other remote login to access their company’s network. The more employees signing in remotely to secure servers, the harder it is to limit access, monitor activity and keep networks secure from outside intrusion.

As PMMI’s 2021 Cybersecurity white paper points out, a recent survey indicates 83% of manufacturers are struggling to ensure the security of remote systems due to increased network activity resulting from the pandemic. The end result is that remote working and remote access are typically less secure than on-site work, and even with best practices in place, mistakes will inevitably be made. Amidst the pandemic, 20% of companies have reported that remote workers and remote work logins have resulted in a cybersecurity breach. This makes sense, as recent findings suggest that remote workers are more prone to cybersecurity errors: 47% of employees cited distractions while working from home as the reason for falling victim to phishing attacks. An analysis by IBM also found that the expansion of remote working in response to COVID has increased the cost of a cyberbreach by an average of $137,000.

• What manufacturers can do to increase security of systems

First, manufacturers need to understand their operations’ vulnerabilities and how bad actors can exploit those vulnerabilities. With its expanding scope of technology and integration paired with a relatively low industry-wide awareness of cyber threats, modern manufacturing is a particularly ripe target for cybercriminals.

According to PMMI’s white paper, there are several key areas of vulnerability that manufacturers should be aware of when assessing the integrity of their operations, such as the rapid expansion of automation and integration, the widespread adoption of cloud and edge computing, and the ongoing threat of internal tampering by employees.

After a comprehensive assessment of the organization’s operations and vulnerabilities is complete, manufacturers should put together a dedicated cybersecurity team made up of professionals throughout the organization including the CEO, CFO, CSO, IT, operations, legal and even key suppliers. This team needs to be equipped with a robust suite of software designed to monitor and flag any suspicious activity on a network.

It is also essential that the information being collected is accessible so that the team is empowered with the data they need to effectively safeguard the organization. More than anything, vigilance is required for any cybersecurity strategy to be effective. A robust cybersecurity plan requires constant updating and adjusting. It can be beneficial for manufacturers to periodically test their cybersecurity by p derforming simulated attacks and simulating the response. By carrying out these mock intrusions, manufacturers can ensure their cybersecurity plans are up to date and account for any new developments within the organization.

• Remote access and the role of OEMs and suppliers

Advancing technology, labor costs and now the COVID-19 pandemic have all pushed OEMs to offer more remote service options. Those same realities have forced manufacturers to be more receptive to remote service. In practice, remote service requires OEMs to have some level of access to their clients’ operations and networks. For cybercriminals, this means that OEMs can serve as a bridge to reach numerous targets.

Because of this, OEMs need to be absolutely certain that their networks are as secure as they possibly can be. To assist with this, the Organization for Machine Automation and Control (OMAC) released a Practical Guide for Remote Access to Plant Equipment, offering an in-depth analysis of the benefits and pitfalls of setting up a remote access program. OMAC’s suggested plan includes assessing the level of access needed, collaboration between IT and OT, formalizing standard operating procedures (SOPs) and protocols, creating multiple levels of security and authentication for remote access logins, and establishing a verification process.
PMMI’s cybersecurity white paper lists several measures brand managers indicate they need from suppliers to better safeguard both software systems and hardware equipment. They would like to see a risk assessment of supplier operations, implementation of dual authentication for equipment login, means to isolate equipment for data/regulation codes and inputs/outputs, assured security for remote connectivity, backup and recovery systems, and protected updates for hardware and software.

Despite best efforts, it is nearly impossible to completely prevent all cyberattacks, making it essential that businesses have a comprehensive and tested emergency backup plan in place. While these are serious tasks with significant challenges, industry players do not need to go it alone. Manufactures, OEMs, suppliers and third-party cybersecurity experts should collaborate with one another to improve cybersecurity across the manufacturing industry.

CMN

The views expressed by CMN’s guest columnists are their own opinions and do not necessarily reflect those of Cheese Market News®.

CMN article search




© 2021 Cheese Market News • Quarne Publishing, LLC • Legal InformationOnline Privacy PolicyTerms and Conditions
Cheese Market News • Business/Advertising Office: P.O. Box 628254 • Middleton, WI 53562 • 608/831-6002
Cheese Market News • Editorial Office: 5315 Wall Street, Suite 100 • Madison, WI 53718 • 608/288-9090