How to
keep your
smart factory
secure

The manufacturing sector is one of the driving forces behind the economy, contributing almost 12% of U.S. gross domestic product. And it's embracing emerging technologies like 5G, the Internet of Things (IoT) and edge computing to drive productivity and efficiency—the market for this smart factory technology is predicted to exceed $228 billion by 2027, a compound annual growth rate of 18.5% from 2022, according to MarketsandMarkets. Yet as with any new technology investment, cyber threat exposure must be considered. Capgemini Research Institute found that 79% of global organizations feel their cyber risk is higher in a smart factory than in a traditional manufacturing setting.¹

Unfortunately, understanding there's a problem and doing something about it are often two different things. Capgemini highlighted persistent challenges in the sector with early threat detection, security budgets and engagement with chief security officers (CSOs). To ensure your organization maximizes the opportunities smart technologies present, security considerations should be considered at the start of every implementation.

Few factories feature only next-gen technologies. Instead, the majority incorporate a blend of old and new, including potentially decades-old industrial control systems, supervisory control and data acquisition equipment, and other operational technology (OT). These legacy technologies are an attractive target for threat actors. Employees can also pose a security risk. According to the Verizon 2022 Data Breach Investigations Report (DBIR), the manufacturing industry is a "lucrative target," particularly for espionage. Here are some of the top smart factory security risks to watch out for.

The manufacturing sector was the most attacked in 2021, accounting for 26% of attempted compromises largely due to its use of OT, according to Forescout.² As legacy equipment is fitted with connectivity and integrated into IT systems, it subsequently becomes a potential target for remote attackers, unless air-gapped from the public-facing internet. About 59% of manufacturers agree they need to upgrade legacy equipment to better secure themselves from cyber attacks.

The challenge here is that many such products can be insecure by design because they lack the necessary security controls to help reduce the risk of cyber breaches. For example, one study from Forescout found 56 vulnerabilities in software from 10 vendors, including some of the most popular producers of OT.³ These ranged from remote code execution to insecure firmware updates, weak cryptography and insecure engineering protocols. Vendors can be slow to update their software, and once available, factory owners may find it difficult to take critical systems offline to test patches.

More modern endpoints may also lack firmware updates and feature easy-to-guess or crack password-based authentication. If not properly isolated or protected, IoT devices can be used to gain a foothold in corporate networks.

Factory owners may also struggle to name all the OT endpoints in their environment because they can't afford the downtime needed to run full system scans. As the saying goes: You can't protect what you can't see. That may partly explain why vulnerability exploitation was the top infection vector at 52% of ransomware incidents in 2022.

Phishing is another major attack vector that cyber attackers use. This is unsurprising: Users remain a top target for attackers and as long as static credentials for IT and OT systems remain in circulation, malicious actors will be motivated to steal them through social engineering.

Manufacturing organizations are a critical element of global supply chains, but they also have their own complex ecosystem of suppliers. Unfortunately, these can unwittingly increase manufacturing cyber security risk. Over half (51%) of global CSOs believe smart factory security threats primarily originate from partners and vendors. In particular, they may be using "non-standard" smart factory processes to repair or update OT and Industrial Internet of Things (IIoT) systems—something 77% of CSOs are concerned about.⁴

Unsurprisingly, threat actors are taking advantage of these security blind spots to steal data, monetize extortion and disrupt manufacturing operations. The Verizon 2022 DBIR ranks the sector fifth in terms of the number of incidents and breaches analyzed. Most breaches were down to external actors (88%) and were motivated by financial gain (88%) or espionage (11%).

Basic web application attacks and system intrusions, as well as complex attacks using malware and/or hacking, are on the rise and occur frequently in this sector, the report found. Along with social engineering, they comprise 88% of breaches in manufacturing. The study found the top action types in manufacturing breaches are:

• Stolen credentials (39%)
• Ransomware (24%)
• Phishing (11%)

This aligns broadly with the threat actor motivations of data theft and extortion. It also aligns with common security deficiencies like poor user awareness, vulnerable technology and visibility gaps.

A cyber attack on your organization can cause significant financial and reputational damage, such as:

• Disruption to production lines
• Potential physical safety risks to staff if OT is sabotaged
• Loss of competitive advantage due to IP data theft
• Significant reputational damage from regulatory action and negative publicity