Deloitte and MAPI study: Connected industrial control systems expose manufacturers to cyber threats

Study identifies leading practices to address emerging risks and make their companies more secure.

By ·

Nearly half of surveyed manufacturing executives lack confidence their assets are protected from external threats, according to a new study from Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) on “Cyber Risk in Advanced Manufacturing.”

Study results indicate nearly 40% of surveyed manufacturing companies were affected by cyber incidents in the past 12 months, and 38% of those impacted indicated cyber breaches resulted in damages in excess of $1 million.

“Manufacturers are innovating at an unprecedented rate, integrating cutting-edge technologies in products, automating the shop floor, connecting supply chains, and increasingly investing in valuable intellectual property,” said Trina Huelsman, vice chairman, Deloitte & Touche LLP and US industrial products and services leader. “While these advancements should position them for future growth, the industry is also likely to experience an acceleration in the velocity and sophistication of associated cyber threats. Cyber risk and innovation are closely linked, and through our study, we have identified leading practices manufacturers can implement to address these emerging risks and make their companies more secure, vigilant and resilient.”

Motives and means of attack
Surveyed manufacturers noted the top motives of cyberattacks to be financial theft, intellectual property theft, and targeted attacks on senior executives for financial gain or access to company strategies or investments. These manufacturers reported that in the past 12 months, the highest number of incidents originated within the organization (46%), while 39% came from external sources and 15% originated from vendors and business partners. Top threats arising from within the organization include phishing/pharming (32%), direct abuse of information technology systems (25%), errors/omissions (26%), and use of mobile devices (24%).

Intellectual property – the No. 1 risk to manufacturers
Intellectual property can constitute more than 80% of a company’s value according to Ocean Tomo’s “2015 annual study of intangible asset market value,” published March 5, 2015. In the study, 36% of manufacturing executives said that intellectual property tops the list of data protection concerns, followed by consumer data (32%) and accidental disclosure of personal information (29%). In addition, significant and increasing concern exists around more sophisticated state-sponsored attacks on intellectual property. Preventive and detective data protection strategies can help companies to secure their data from the inside out and capture the value of their investments in intellectual property.

“Cyber risk is a critical part of every manufacturing environment and demands attention from every employee, contractor, and business with whom a company interacts,” said Stephen Gold, president and CEO, MAPI. “The most effective approach will rely on more than the CIO or CISO by also engaging the board and C-suite. Company leadership needs to understand their comprehensive cyber risk profile to appropriately allocate resources to mitigate risk.”

Cyber risk on the shop floor
Industrial control systems operate highly automated manufacturing processes where employee safety, environmental protection, and operational efficiency are of paramount importance. Yet, 50% of surveyed companies indicate they perform vulnerability testing for industrial control systems less than once a month and 31% have never done an assessment. These are essential tools for identifying and mitigating cyber risks on the shop floor and clarifying organizational responsibilities between IT and operational technology employees. By implementing technologies to provide automated 24/7 cyber threat monitoring, manufacturers can become more vigilant in protecting critical manufacturing operations.

“To date, many companies have attempted to isolate the networks associated with their industrial control systems with an air gap, essentially a physical barrier between the industrial control systems networks, enterprise networks and the internet,” said Sean Peasley, partner, Deloitte & Touche LLP and cyber risk services consumer and industrial products leader. “However, if they haven’t actually tested the accessibility of these systems, they can miss hidden access points that could be vulnerable to attack. An air gap strategy is also contrary to industry trends in digital manufacturing, which are designed to generate cost-savings, automation and efficiency benefits.”

Connected products, exponential risks
Increasing reliance on technology-enabled connected products brings a new set of risks to manufacturers. Among executives surveyed, 45% said their organization uses mobile applications and 35% cited sensor controls. However, 40% of respondents said they have not yet incorporated connected products into the company’s cyber incident response plan. Planning ahead before a breach occurs — so the entire organization is prepared to respond and quickly neutralize threats — can help companies become more resilient. Leading companies design security into connected products and integrate them into the cyber program from the start. This is important because 76% of companies surveyed transmit product data using Wi-Fi, and 52% reported that their connected products store and/or transmit confidential data, including Social Security and banking information.

“Through the cyber risk in advanced manufacturing study, we identified both potential vulnerabilities and some great leading practices that manufacturers can leverage to deter attack and prevent loss of critical information and assets,” said Gold.

Click here for more information on Deloitte and MAPI’s study on Cyber Risk in Advanced Manufacturing.

Survey methodology
This study was conducted by Deloitte and MAPI. Responses were derived from 35 live executive interviews and industry organization interviews, an innovation lab, and in collaboration with Forbes Insights, MAPI collected 225 responses to an online survey.


Subscribe to Modern Materials Handling Magazine!

Subscribe today. It's FREE!
Find out what the world’s most innovative companies are doing to improve productivity in their plants and distribution centers.
Start your FREE subscription today!

Latest Whitepaper
The Power of the Put Wall – Seamless Omnichannel Fulfillment
The next generation of put wall technology will enable customizable configurations to address the challenges of SKU proliferation and changing product and order profiles.
Download Today!
From the November 2018 Modern Materials Handling Issue
Disruption comes in many forms—a new app that hobbles the taxi business, historic weather events that put life on hold, millions of personal files hacked—and seems to be surfacing more often than ever.
Gap Inc.: Taking the touches out of fulfillment
Resilience and Innovation at Gap Inc.
View More From this Issue
Subscribe to Our Email Newsletter
Sign up today to receive our FREE, weekly email newsletter!
Latest Webcast
Your 2019 Mobility Strategy: Creating a Plan for Device Security, Automation, OS Migration, and More
If you haven’t already started creating a mobile strategy for 2019, join us to get started. If you have a mobile strategy in place, we’ll be sharing our recommendations to make sure you’ve covered every aspect of devices, deployment, security, OS migration and more.
Register Today!
EDITORS' PICKS
Resilience and Innovation at Gap Inc.
Just months before the start of the 2016 holiday season, one of Gap Inc.’s distribution centers...
System Report: Luxottica keeps it simple
Simplification and consolidation drove the design of a new 1.1-million-square-foot logistics campus...

Goya Foods’ secret ingredient: Lift trucks
The leader in Hispanic food and beverage products puts a variety of lift trucks and racks to work in...
Arvato SCM Solutions: Fashion Logistics
At its Hannover, Germany, facility, e-commerce logistics provider Arvato SCM Solutions is using...