Why Industry 4.0 is Increasing Manufacturing Cyber Attacks

Industry 4.0 is driving the convergence of IT and operational technology (OT) in global manufacturing, bringing advantages around profitability, visibility over real-time data and insight, improved production and greater quality control.

The pace of this transformation shows no signs of slowing – across the US, Latin America and Europe, 70% of OT systems in manufacturing firms will soon be connected to corporate IT networks, up from 50%. In Asia and Oceania, progress is moving at a similarly rapid rate. 

From a technological and operational perspective, Industry 4.0 technologies like cloud computing, industrial internet of things (IIoT), AI, wireless technology and edge computing are essential for manufacturers. 

But increased adoption and application significantly broadens the potential attack surface for malicious actions, exposing manufacturers to greater risk of cyber attacks across their core operations. 

Telstra International, in collaboration with Omdia Research, has explored this more complex and challenging environment, finding that few firms are mature in protecting and defending against cyber risks, that responsibility for security is unclear and that people and skills hinder security posture. 

IT-OT increases threat landscape

Omdia surveyed more than 500 global technology executives on the convergence of IT and OT in their core operations and how they managed cybersecurity challenges. 

It says that the manufacturing sector is a prime target for threat actors including crime affiliates, nation-states and cyber criminals seeking to exploit essential operations through cyber extortion.

Four in five, or 80% of respondents, report a significant increase in overall security incidents or breaches over the last year, with manufacturing firms of different sizes impacted.

A large number of these incidents originated in IT rather than OT and were responsible for expensive and significant disruption - 31% say they incurred financial losses as a result of being attacked. 

“Greater connectivity between IT and OT is necessary to harness advanced technology for manufacturing innovation, but it increases the risks of a breach,” explains Telstra International’s Head of Global Enterprise Business, Geraldine Kor. “However, very few firms are mature in protecting and defending against such cyber risks. 

“Our study also uncovered a fragmented approach to security responsibility, which can leave manufacturing businesses without a clear direction. This responsibility must be clear and integrated so that one group or person will have the authority to act on security challenges for mission-critical systems."

The quandary of integration security

Manufacturers are turning to IT-OT integration to improve their security posture.

However, vulnerabilities around the use of interconnected and hybrid clouds as well as greater data sharing, make key areas of the IT-OT stack more vulnerable (93% of firms globally have been affected by a cybersecurity incident at the highest planning level). 

Threats and types of attack vary, although the magnitude of downtime costs from any kind of breach are still critical to manufacturers.

Respondents list advanced persistent threats (APTs), malware, data manipulation or destruction and DDoS attacks as the most commonly encountered threats. 

“More pervasive connectivity between IT and OT is essential across greenfield and brownfield manufacturing system design and enhancements. Step change improvements to innovation, availability, safety and security require firms to harness cloud, IoT, AI and private networks, with IT/OT convergence bringing these technologies to life,” explains Adam Etherington, Senior Analyst at Omdia.

“However, most firms have been hit with expensive outages and security incidents while traditional security controls, policies and culture struggle to keep pace. Given the magnitude of downtime costs from any breach or network incident that impacted operations, it’s important to better understand the causes for proactive remediation.”

Recommendations and other

Despite this broad scope of attack vectors, Omdia finds a lack of readiness and preparedness among manufacturers.

Most firms, it says, are at an operational or developing maturity level, with only 19% considered advanced in securing their IT-OT systems. 

Responsibility for securing assets, typically reserved for production managers or engineers, is increasingly falling to cybersecurity and IT leaders, says Omdia. 

While this reflects the fact that most incidents in manufacturing originate in IT, Omdia believes the shift isn’t happening quickly enough – it recommends manufacturing companies appoint a “clear and empowered executive with end-to-end responsibility across IT and OT across global global and regional sites”. 

This is one of several key recommendations and strategic areas of focus from Omdia and Telstra. The report recognises that managing cybersecurity risks across converged systems will be essential for ensuring operational resilience and maintaining competitive sustainability in the future. 

It says companies should take actions including planning to proactively integrate Industry 4.0 technologies, applying a converged security posture view across all layers of the manufacturing technology stack, investing in cybersecurity capabilities and utilising standalone AI-powered tools and integrated platforms to enhance protection. 

Ganesh Narayanan, Telstra International’s Global Head of Cyber Security, concludes: “Organisations should prioritise IT-OT and IoT security across six core areas: Collaboration and planning, defining a strategy, bolstering technical expertise, assign responsibility and accountability, leveraging the right tools and expedite readiness with standards."

Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today.

Cyber Magazine is a BizClik brand