By Gregory Hale
There is an unsung hero these days that remains a steady but sure backbone as digitalization continues its march forward allowing for unprecedented growth and productivity in the manufacturing sector – cybersecurity.

“Benefits of digitalization are incredible, bringing about huge advancements in our industries and unprecedented improvements in operational efficiencies, safety, sustainability, though it was almost like opening Pandora’s box, opening the door to a lot of unforeseen cybersecurity risk,” said Quest Taylor, global cybersecurity offer manager at Schneider Electric. “And this is why we see cybersecurity as being a cornerstone of digitalization today.

Indeed, the numbers don’t lie.

With digitalization and increased connectivity on the rise, there are 15.14 billion Internet of Things devices connected in 2023 and there will be almost 30 billion by 2030, according to a Statista report.

Add on top of that, the average costs of a data breach continue to skyrocket as they reached an all-time high in 2023 of $4.45 million, according to the IBM Security “Cost of a Data Breach Report” conducted by Ponemon Institute. This represents a 2.3 percent increase from the 2022 cost of $4.35 million. Taking a long-term view, the average cost has increased 15.3 percent in just three years from $3.86 million reported in 2020.

In-House Security Challenges
“The current threat landscape presents several major challenges, and most of them are centered around vulnerability management, compliance management, and incident management,” Taylor said. “And really these challenges are compounded by two main things. One is the dearth of qualified security workers. Then on top of that it is just building a compelling business case for cybersecurity risk management that shows a direct positive ROI. Our industries are highly driven by what brings us more money, what’s going to bring us the most value for this investment, and so it’s really easy to show the relationship between reduced time to perform a task or the operational efficiencies of implementing this digitalization solution, but it’s sometimes a lot more challenging to show the value of a security measure fending off an incident that you have no idea if it’ll even happen.

That is where managed security services comes in. It is a cost-effective way for a manufacturer to employ cybersecurity while not having worry about it: Let the experts do that.

“Managed security services in its most basic fundamental sense is really just having security services provided on a recurring basis, typically by a third-party provider,” Taylor said. “This could be a daily activity, a weekly activity, or monthly. We see the most overarching themes of this being around vulnerability management, threat monitoring, and incident response support. But there’s truly a whole portfolio of cybersecurity services that can be provided and managed.”

Schneider Bold

While it is hard to imagine manufacturers are not developing a cybersecurity program, the classic “an attack won’t happen to me” mindset seemed to prevail for a long time, until recently.

Hiring Experts
“We had kind of a lag in the industry where companies didn’t invest very heavily in cybersecurity, but lately there has been uptick in spending,” Taylor said. “And with that, they’ve tried to be able to hire people to come and do the work for them. And so, they’ve learned hiring is a challenge, and they’re realizing they need to seek help outside of the hiring talent pool and really looking to security professionals to provide them help.

“From the perspective of when your car needs fixing or you’re doing a home improvement project, you typically turn to an expert. Some can successfully do it themselves. But most of us cannot. And we turn to an expert. However, there is a select few that think they know what they’re doing and quickly find out they are in way too deep. They recognize they can’t successfully do it themselves; they learn it takes a whole dedicated team that understands OT processes and OT security inside and out,” Taylor said. “They are looking to external security providers to help them manage the complexities of their process needs, the compliance requirements, the quickly evolving tech landscape.”

Sometimes though, the external security team is working with multiple organizations and the question rises about how quickly it can react to any kind of issue.

Taylor said that can be an issue for the manufacturer and something the provider must stay on top of at all times.

“Security is the number one thing the managed security services provider must focus on every single day,” Taylor said. “To do this, the provider needs to ensure there is proper coverage in a relatively low utilization rate to ensure it can cover all sorts of instances and be able to take on that abnormal instance of high alert volumes. Customers should challenge their providers to ensure they’re getting the proper coverage and their utilization rate is at a decent number so they can take on higher volumes of alerts because it’s going to happen someday as the industry keeps growing, and as the threat landscape evolves.”

In that evolving landscape which has traditionally been reactive, a managed security services provider can bring proactive methods to the table.

Proactive Cybersecurity
“Managed security services are consistently managing the attack surface, supporting the manufacturer to remediate vulnerabilities and helping apply the appropriate security measures,” Taylor said. “They can also help identify the company’s crown jewels as well as the best way to protect them and what to do in the event of an incident. Another way is to head off an incident before it becomes something by using a service called active threat-hunting.”

There are plenty of organizations offering managed security services, but a manufacturing enterprise has its own set of needs when it comes to security and Taylor has a few suggestions for what a company should look for:

OT process and OT security expertise: OT has a lot of unique challenges, the technologies, regulatory bodies, and the incident handling procedure that typical IT strategies employ just do not cover the OT space very well.

Flexibility: The provider needs to create a package of services that aligns to the current and future technology stack.

Reputation and experience: You want to know that someone’s done this, you want to know that they’ve done this well and you want to know if they’ve delivered these services in your segment.

Scalability: Can the provider handle your growth as a business? You expect to grow over time. If you expand regions, you acquire new companies, or even if you just add a new manufacturing line, can the provider adapt and still provide the same level of service?

Managed security services can give a manufacturer a clear roadmap of measures that can align cybersecurity with the business’ objectives, as well meet compliance and regulatory issues.

Cybersecurity will remain the backbone as digitalization continues its rise across the manufacturing sector. Follow the map and stay on course to remain secure.

ISSSource

Pin It on Pinterest

Share This