Smart factory cyberattacks expected to increase, report shows

Despite this, the report also showed that nearly half (47 per cent) of manufacturers said cybersecurity in their smart factories was not a C-level concern.

According to the report, ‘Smart & Secure: Why smart factories need to prioritise cybersecurity’, few manufacturers have sufficiently mature cybersecurity practices whilst the connected nature of smart factories exponentially increases risk of attack.

Around 53 per cent of organisations, including 60 per cent of heavy-industry and 56 per cent of pharma and life sciences firms, agreed that most future cyberthreats will feature smart factories as their primary targets. 

However, a high level of awareness doesn’t automatically translate to business preparedness, the report suggests — a lack of C-suite focus, limited budget and human factors were noted as the top cybersecurity challenges for manufacturers to overcome.

“The benefits of digital transformation make manufacturers want to invest heavily in smart factories, but efforts could be undone in the blink of an eye if cybersecurity is not baked-in from the offset,” said Geert van der Linden, cybersecurity business lead at Capgemini.

“The increased attack surface area and number of operational technology (OT) and Industrial Internet of Things (IIOT) devices make smart factories a prominent target for cyber criminals. 

“Unless this is made a board-level priority, it will be difficult for organisations to overcome these challenges, educate their employees and vendors, and streamline communication between cybersecurity teams and the C-suite.”

The research found that only 51 per cent of organisations build cybersecurity practices in their smart factories by default. Unlike IT platforms, organisations cannot scan machines at a smart factory during operational uptime.

System-level visibility of IIOT and OT devices is essential to detect when they have been compromised; 77 per cent are concerned about the regular use of non-standard smart factory processes to repair or update OT/IIOT systems. 

This challenge partly originates from the low availability of the correct tools and processes, however a share of organisations (51 per cent), said that smart factory cyberthreats primarily originate from their partner and vendor networks. 

Of firms impacted by cyberattacks in the past 12 months, 28 per cent noted an increase of 20 per cent in employees or vendors bringing in infected devices, such as laptops and handheld devices, to install/patch smart-factory machinery.

Only a few of the organisations surveyed claimed that their cybersecurity teams have the required knowledge and skills to carry out urgent security patching without external support, with a common cause being the lack of a cybersecurity leader to spearhead upskilling.

According to 57 per cent of organisations, the scarcity of smart factory cybersecurity talent is much more acute than that of IT cybersecurity talent. Many organisations said their cybersecurity analysts are ‘overwhelmed’ by the array of OT and IIOT devices they must track to detect and prevent attempted intrusions.

A lack of collaboration between smart factory leaders and the chief security officer was also a key concern for over half (53 per cent) of respondents.

The report found that ‘cybersecurity leaders’ who deploy mature practices across the critical pillars of cybersecurity (awareness, preparedness, and implementation of cybersecurity in smart factories) outperform their peers in multiple aspects. 

These include recognising attack patterns at their early stage of deployment (74 per cent) and reducing the impact of these attacks (72 per cent), compared to just 46 per cent and 41 per cent of other organisations respectively.

Based on the analysis and insights identified, Capgemini proposed a six-step approach to developing a robust cybersecurity strategy for smart factories:

• Perform an initial cybersecurity assessment

• Build awareness of smart factory cyberthreats across the organisation

• Identify risk ownership for cyberattacks in smart factories

• Establish frameworks for smart factory cybersecurity

• Create cybersecurity practices tailored to smart factories

• Establish governance structure and communication framework with enterprise IT