Managing cyber security risk in the age of Industry 4.0
As more and more manufacturers integrate industry 4.0 systems and practices, the need for digital transformation is rapidly increasing. But I recently learnt this rather frightening insight: the highest number of ransomware-associated data extortion operations is in the industrial and engineering sector, closely followed by manufacturing.[1] So how do we manage this?
Understanding cyber security risks, implications, and how to realistically mitigate these are now critical to maintaining a successful business. While all industries are harshly impacted by cyber security attacks, it strikes at the core of the manufacturing industry. It severely disrupts day-to-day operations and supply chains. System outages have a direct impact on the ability to meet production demands.
What to look for and consider
Online scams are unfortunately on all our radars, but sometimes it’s hard to know if you have been a victim of ransomware.
Ransomware is a type of malware that denies access to your system and personal information and demands a payment (ransom) to get your access back. There are several ways ransomware can get into your computer or system. One of the most common that you may be familiar with is via email phishing and spam — messages that include either a malicious attachment or a link to a malicious or compromised website. Once an unsuspecting user opens the attachment or clicks the link, the ransomware can infect the victim’s computer and spread throughout the network.
In a worrying sign, the Crowdstrike report also informs us that the criminals sending these ransom requests are now threatening to release the information they have collected from a company if the ransom is not paid. Backups provided a solution to ransomware, but this new extortion vector has increased the stakes yet again.
According to the Australian Cyber Security Centre, these are some common signs:
● Pop-up messages appear requesting funds or payment to unlock files.
● You cannot access your devices, or your login doesn’t work for unknown reasons.
● Files request a password or a code to open or access them.
● Files have moved or are not in their usual folders or locations.
● Files have unusual file extensions, or their names or icons have changed to something strange.
In the age of Industry 4.0, thinking about how to address cyber risk at the end of the strategic process is simply too late.
In 2020, 67% of Australian’s surveyed reported that they had experienced at least one ransomware attack.[2]
The reality is that risks to manufacturers have existed as long as production has been mechanised, with cyber threats augmenting and adding to physical threats as technology has progressed. But Industry 4.0 heralds the greatest leaps in cyber risk to date, which is why we need to take preventative action.
Progression of cyber and physical threats for each industrial revolution
What to do
One of the best ways to mitigate the risk is to involve your digital and tech experts early. Get the right people on the team when you are looking to set strategy or upgrade systems, capabilities, technologies and machines to strike the right balance. Understand what needs to be achieved from both an operations and digital, cyber security perspective. While your cyber security strategies should be secure, vigilant, and resilient, it needs to be fully integrated into the organisation, in a logical way.
Telstra Purple Principal Security Consultant, John Powell, advises that advisory and consulting services should be leveraged at all levels of the organisation to assist with understanding and translating technical (cyber) risks into business risks and also assisting with delivering benefit and driving strategy using the additional technology that is employed to protect your environment and business.
Take a look at the advice provided by the Australian Cyber Security Centre on how to protect yourself against ransomware attacks. There are many practical ways you can help prevent a ransomware attack from happening to you and your company.
If you would like to learn more about Industry 4.0 and cybersecurity and managing risk, take a read of this report prepared by Deloitte.
The more informed we are, the better prepared we can be.
References:
[1] Source: ‘What is Ransomeware?’ by Crowdstrike
[2] Source: ‘What is Ransomeware?’ by Crowdstrike