Hong Kong: As many as 61% of manufacturers have experienced smart factory cyber attacks and these incidents have shut production for days. They are struggling to deploy the technology needed to effectively manage cyber risk revealed in a survey from Trend Micro.
Trend Micro commissioned independent research specialist Vanson Bourne to conduct an online survey with 500 IT and OT professionals in the US, Germany and Japan.
The survey found that over three-fifths or 61% of manufacturers have experienced smart-factory cyberattacks incidents, Around 75% of them suffered from system outages and over two-fifths (43%) said outages lasted over four days.
These findings and more can be found in the report, “The State of Industrial Cybersecurity: Converging IT and OT with People, Process, and Technology.“
Smart-factory cyber attacks
“Manufacturing organisations around the world are doubling down on digital transformation to drive smart factory improvements. The gap in IT and OT cybersecurity awareness creates the imbalance between people, process and technology, and it gives bad guys a chance to attack,” said Akihiko Omikawa, EVP – IoT security, Trend Micro.
“That’s why Trend Micro has integrated IT and OT intelligence and provides a comprehensive solution from the shop floor to the office. We’re helping put visibility and continuous control back in the hands of smart factory owners,” added Omikawa.
The results from all three countries showed that technology (78%) was seen as the biggest security challenge, although people (68%) and process (67%) were also cited as top challenges by many respondents. However, fewer than half of the participants said they’re implementing technical measures to improve cybersecurity.
Asset visualization (40%) and segmentation (39%) were the least likely of cybersecurity measures to be deployed, hinting that they are the most technically challenging for organisations to execute. Organisations with a high degree of IT-OT collaboration were more likely to implement technical security measures than those with less cohesion.
There was a particularly big gulf between organisations with high IT-OT collaboration verses those with little to no IT-OT collaboration in the use of firewalls (66% verses 47%), IPS (62% verses 46%) and network segmentation (54% verses 37%).
Standards and guidelines were cited as the top driver for enhanced collaboration in the United States (64%), Germany (58%) and Japan (57%). The National Institute of Standards and Technology’s (NIST) Cyber Security Framework and ISO27001 (ISMS) were among the most popular guidelines.
The most common organisational change cited by manufacturers in all three countries was appointing a factory Chief Security Officer (CSO).
Trend Micro recommends a three-step technical approach to securing smart factories and keeping their operations running:
1) Prevention by reducing intrusion risks at data exchange points like the network and DMZ. These risks could include USB storage devices, laptops brought into a factory by third parties and IoT gateways.
2) Detection by spotting anomalous network behaviour like Command & Control (C&C) communication and multiple log-in failures. The earlier the detection, the sooner attacks can be stopped with minimal impact on the organisation.
3) Persistence is crucial to protect smart factories from any threat that has evaded prevention and detection stages. Trend Micro TXOne Network’s industrial network and endpoint security solutions are purpose-built for OT environments. They work at a wide range of temperatures and are easy to use with a minimal performance impact.