Play it smart: Cyber secure your plant

No business is too small to be a cyber target. PHOTO: FOTOLIA

Canadian manufacturers in the highly competitive automotive sector have a lot to gain by embracing Industry 4.0. Interconnected technologies that automate, the Industrial Internet of Things (IIoT) and cloud computing have the potential to dramatically change just-in-time manufacturing by enhancing interoperability, information transparency, technical assistance and decision-making.

But new technologies come with a darker side. As more information is stored online, equipment becomes increasingly interconnected and robots become more autonomous, malicious internal and external actors will have more opportunities to exploit them.

To ensure your company and its technological investments are adequately protected, it’s critical to acknowledge and understand the risks, and take appropriate steps to mitigate them.

While Industry 4.0 is still in its infancy, there are signs automotive manufacturers around the world are taking steps to adopt smarter manufacturing processes. Global procurement of robots is at an all-time high, with the International Federation of Robotics reporting auto manufacturers in NAFTA nations making up 55% of global purchases. New smart factories are also being built.

But this rise in technology adoption also raises cyber threats. Today, manufacturers are the most common target for e-mail-based malware, a cyber threat that a Verizon report says is responsible for 51% of data breaches across industries. Ransomware, a form of malware designed to extort hefty sums of money from its victims, has also increased in prevalence by 50% since 2016. Additionally, IBM estimated 60% of all cyber attacks are inside jobs, with 75% resulting from the work of malicious perpetrators, and 25% caused by unintentional actions.

This means a growing number of organizations of all sizes and across all industries are experiencing the horrors of cyber breaches first-hand. In 2016, the global WannaCry virus forced French auto manufacturer Renault to temporarily halt production in its Douai facility for a day. Similarly, 2,200-employee AW North Carolina, a transmission manufacturer supplying Toyota, was hit by ransomware twice over the last 12 months.

Such risks shouldn’t prevent Canadian manufacturers from making the investments necessary to launch their organizations into the future, but they should do so with their eyes open. As cyber hackers become more sophisticated and breaches more damaging, companies would be well-served to ramp up their defenses if they hope to protect their technological investments.

AW North Carolina, which supplies auto parts to nine Toyota car and truck plants across North America, estimated it lost $270,000 per hour during its first attack. Its production lines were shut down for close to four hours.

The ransomware infiltrated the plant’s computer network after an employee clicked on a link in a legitimate-looking e-mail, a common method used by hackers called phishing. While ransomware is swiftly becoming a significant threat for auto manufacturers, there are other ways malicious actors could put your business at risk. A competitor could hire someone to inject malware into your network, or your smaller suppliers, and change the specs of certain software elements. This corporate espionage could lead to errors in manufacturing, serious safety issues, massive recalls or other dire consequences.

Taking action

Internal threats are also growing, making your people one of the greatest potential cyber risks your company faces. As jobs become more automated, interconnected and mobile, employees have more opportunities to unwittingly put your network at risk by sharing sensitive information over e-mail, using personal phones to conduct work activity or failing to appropriately safeguard work computers with strong passwords. Disgruntled employees or those working on behalf of outsiders can also bypass firewalls and cause significant network damage.

While there is no way to completely defend your organization from these risks, there are ways to mitigate them or minimize the damage when breaches occur. Here are some strategies to consider:

1. Identify your security priorities. This includes people, processes and technologies that support critical business functions. Allocate the necessary cybersecurity resources.
2. Frequently test for vulnerabilities. Cyber threats are always evolving. Watch any new vulnerabilities that could be exploited.
3. Harden your systems. Reduce the points of entry into your organization by enabling only what you need. If a person doesn’t need access to an area of your network, don’t grant it.
4. Update your security measures. Apply all software patches when they become available and ensure your systems are regularly backed up to prevent loss.
5. Establish a response plan. It will be easier to get your systems up and running quickly in the inevitable event of a breach.
6. Train your employees. They must understand their role in cybersecurity. Show them what to look for when identifying phishing e-mails, how to handle sensitive online information and the elements of strong passwords.

No business is too small to be a cyber target. To successfully compete in an evolving, smarter world of manufacturing, technology and cybersecurity investments must evolve in tandem.

Sunil Chand is director, cybersecurity for Grant Thornton LLP, a Canadian accounting and advisory firm providing audit, tax and advisory services.  Visit http://www.grantthornton.ca/.

 This article appeared in the October-November 2017 print issue of AutoPLANT.