How the Internet of Things (IoT) is changing cyber risk for manufacturers

By Joe Vitale, SVP, Treasury Management

Are you protecting all parts of your business from cyberattacks?

It can be challenging to conceptualize the total business value of software and data. These digital business assets are increasingly vital to the fundamental operation of many organizations. This is particularly true in manufacturing, where connected machines and smart equipment are expected to make significant impact over the next several years. Research from the International Data Corporation (IDC) shows the manufacturing industry is already leading Internet of Things (IoT) investing, with an estimated $178 billion in total IoT spending as of 2016.

The “internet of risk” and manufacturing
IoT holds real promise for the manufacturing sector. Many manufacturers are currently using IoT technology for relatively basic tasks.  However, leveraging IoT technology will inevitably lead to far greater complexity in IoT implementations such as predicting maintenance before a machine breaks down and operating equipment powered solely by artificial intelligence.

Unfortunately, this also means the risk posed by cyberattacks will increase. As more devices within manufacturing become connected, there will be more points for cybercriminals to target, more data to steal and greater possibility for disruption.  

Why cybercrime could become a bigger threat to manufacturers
Cyberattacks are always a concern for organizations across every industry, but there are several trends that will make them a significant issue for manufacturers in the future:

  • The commoditization of cybercrime: There have already been several cases where cybercriminals leveraged exploit kits such as the Blackhole Exploit Kit – a malware package that could be rented as a subscription service, much like traditional subscription-based software.  As this trend expands, launching cyberattacks will become significantly easier and require less technical skill. The commoditization of malware will likely make smaller and mid-size organizations more attractive targets. Even though these companies typically have fewer assets to steal, the effort to launch a successful cyberattack could be far lower. Manufacturers are more at risk of cybercrime because they usually do not have information technology security expertise, regimented computer system controls or well defined incident response plans.  Because of that, cybercriminals may target them in widespread attacks designed to find easy-to-breach weaknesses.

  • Lack of sophisticated protection for connected devices: Whereas traditional computing devices are often protected by robust anti-malware software, the connected device ecosystem is not as consistently secure. This will become a more prominent issue for manufacturing, given the expected growth in IoT technology investing. Many of the connected devices, including personal devices not subject to company-driven controls, will require different security measures.  And those devices will be connected to other extraneous systems that may not be protected at all.

  • Greater variety in cybercriminal motivations: Organizations no longer need large volumes of valuable data or intellectual property to become cybercriminal targets. Hackers don’t necessarily target systems for financial gain; some simply want to disrupt an organization they perceive as a threat to a cause they believe in. This puts manufacturers at greater risk because cybercriminals’ motivations could range from anger over equipment sourcing practices, to partnerships and affiliations, to wanting to disrupt operations in a specific industry. Think of the Sony hack from 2014.

Taken together, these trends point to a need to better understand cyber risk from a multi-faceted perspective; this approach must include financial and technical protections for physical infrastructure as well as digital assets. As manufacturers invest in connected machinery, they will need to ensure there are processes for updating the software that guard these devices. This may also be important from a financial protection perspective; as we’ve noted previously, many cyber insurance policies require organizations to implement procedures for regular updates and evaluation of technical safeguards. 

The bottom line: Protect ALL your assets
The more businesses go digital, and the more that digital and non-digital assets are interconnected, the more organizations must consider the complete scope of their organizations. IoT technology will enable multiple machines and devices connected to the same ecosystem to work together efficiently. This will help drive down costs and provide more innovation for manufacturers and their customers. It is a vital time for manufacturers to review the technical safeguards across their digital ecosystems and to understand how these software assets may impact core operations.