Cybersecurity is one of the nine building blocks of Industry 4.0. It is one of the top elements that leaders and organizations must be on board with, to embrace a digital transformation and the use of industry 4.0 technologies.
As a refresher, my definition of industry 4.0 is a set of technologies that enable connectivity, transparency, and faster decision making. These technologies free up time to focus on the core competencies, and value-add work and are shaping the future of production, taking organizations to the next level. These technologies provide an augmented way to make continuous improvement.
There is a shift from the physical to the digital landscape; therefore, security threats have changed from physical to cyber. Critical industrial systems and manufacturing lines need to have robust cybersecurity measures and plans.
What is cybersecurity?
The Digital Guardian defines cybersecurity as “the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cybersecurity may also be referred to as information technology security.”
It is paramount for companies, of any size, and individuals, to make cybersecurity a top of mind element as unprecedented amounts of data are collected, processed, and stored on computers and other devices. As all that information gets transmitted while doing personal and professional business, cybersecurity is the set of technologies and discipline practices dedicated to protecting that information.
What is the impact of cybersecurity?
Techopedia defines cybercrime as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or used as a tool to commit an offense. Criminals who perform these illegal activities get referred to as hackers. Cybercrime is now more significant than any other crimes combined.
Cybercrime costs include:
- damage and destruction of data,
- stolen money,
- lost productivity,
- theft of intellectual property, personal and financial data,
- embezzlement and fraud,
- post-attack disruption to the normal course of business,
- forensic investigation,
- restoration and deletion of hacked data and systems.
All can end on significant reputational harm.
The facts and predictions are mind-boggling:
- $6 trillion annually in cybercrime costs by 2021
According to the Breach Level Index, in the first half of 2018, there were over 3 billion records compromised; 18 million records lost or stolen every day equivalent to 771,909 records every hour, 12.8 thousand every minute, 214 records every second.
Regarding the number of breach incidents by type, 65% are identity theft, followed by 17% account access. From an industry perspective, 27% of breaches in healthcare, 14% in financial institutions, and 3% industrial.
When comparing by region, 59% of breach takes place in North America and 36% in Europe and the same for the Asia Pacific.
- Half of all Cyber-attacks target small businesses
Owners generally do not believe a cyberattack will happen to them because they do not think their data is essential or attractive to hackers. The information has shown that there is a high vulnerability.
- The exponential number of internet users
There are 4 billion internet users, nearly half of the world’s population of 7.7 billion to date. There will be 6 billion internet users by 2022, 75% of the projected world population of 8 billion, and more than 7.5 billion internet users by 2030, 90% of the projected world population of 8.5 billion.
- 200 billion smart devices connected by 2020, 45 trillion networked sensors by 2040
The propagation of intelligent devices at home and factories, ranging from IIoT (Industrial Internet of Things) to mobile and wearables, increases the importance of having robust cybersecurity plans to reduce vulnerability to cyberattacks.
- Not enough cybersecurity professionals to keep up with the demand
Employers’ demand for cybersecurity professionals continues increasing. In 2019, approximately 6 million globally, according to some industry experts cited by the Palo Alto Networks Research Center.
The top five jobs employers are searching for in this field are:
- cybersecurity engineers
- cybersecurity analysts
- cybersecurity managers/administrators
- cybersecurity consultants
- penetration and vulnerability testers
Cybercrime will more than triple the number of job openings; an estimated 3.5 million cybersecurity positions will be unfilled by 2021. The cybersecurity unemployment rate will remain at zero percent.
What are the top cyber threats?
Everyone needs to care about cybersecurity because it does affect the bottom line of businesses and individuals. Here is where the terminology gets complicated, I will explain at a very high level as I have learned about them to gain awareness on the topic. Some of the definitions come from the National Institute of Standards and Technology (NITS).
- Phishing
It is a technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site. The perpetrator masquerades as a legitimate business or reputable person.
There are different ways phishing can show up. Fraudulent emails and web sites that look very similar to the legitimate sources can mislead anyone to respond and provide the information to be used to hack. More than 90% of successful hacks and data breaches stem from phishing. Emails crafted to lure their recipients into clicking a link, open a document, or forward information to someone they shouldn’t.
- Ransomware
A type of malware program that infects, locks, or takes control of a system and demands ransom to undo it. Ransomware attacks and infects a computer intending to extort money from its owner.
In March 2018, Boeing’s production plant in North Charleston, South Carolina facility got hit by a ransomware attack.
- Wireless Hacks
As wireless networks communicate through radio waves, a hacker can easily sniff the network from a nearby location. Wi-Fi is one entry-point hackers can use to get into your network. I’ve followed the advice of using a Virtual Private Network (VPN) to protect when using Wi-Fi.
- Authentication attacks
The process that allows an attacker to guess a person’s username, password, credit card number, or cryptographic key by using an automated method of trial and error. One method to avoid the attack is using a Multifactor authentication (MFA) that combines two or more independent credentials.
What to do about cybersecurity?
It is worth repeating. EVERYONE needs to care about cybersecurity to avoid the potentially huge consequences to individuals and organizations. Cybersecurity is a topic that must be addressed and managed by the board of directors and senior leadership of companies, including those in the non-profit sector.
If your company gets hacked, you are obligated to let your customers know. During the first half of 2018, there were 3.3 billion hacked customers.
There are some actions leaders and organizations, big and small, can take to address this hot topic:
Understand potential liabilities
Countries have different laws in place. Under US law, directors and executives of a company face a range of personal liabilities for matters relating to cyber risk. Following a data breach, a company’s board of directors may also be subject to litigation brought by shareholders claiming a breach of the directors’ fiduciary duties.
Be aware of the cyber risks
This topic is also part of continuous learning, and leaders must get educated about the risks and potential consequences of not making cybersecurity a strategic priority. Read and learn about what is happening in this space, stay up to speed.
Companies need to make sure they include a cyber test as part of the due diligence for an acquisition. Maybe that check was not done when Marriott acquired Starwood. Last year, the company had a hack in the reservation database for its Starwood properties that may have exposed the personal information of up to 500 million guests.
Be proactive about developing a strategy and action plan
The traditional contingency and emergency preparedness processes no longer work. Also, believing that only the IT department is the one responsible for taking care of the organization’s protection against a cyberattack is no longer valid.
In terms of having a formal security strategy, 40% of manufacturing security professionals responding to a Cisco survey said they do not have one. Due to a general lack of investment in cybersecurity, yet a growing reliance on modern technologies, the manufacturing sector is one of the most vulnerable and targeted industries.
Other critical actions include having the appropriate cyber liability insurance for the business. Moreover, companies should consider hiring experts like a managed security service provider (MSSP) to outsource auditing, monitoring, and management of security devices and systems.
Train every employee in the organization
We live in a different world now. Leaders must ensure there are communication and training to the workforce about the risks and potential consequences.
People being aware of the threats and knowing how to detect them and how to report them is crucial to prevent cyberattacks. According to the Herjavec Group, global spending on security awareness training for employees is predicted to reach $10 billion by 2027. Employee training may prove to be the best ROI on cybersecurity investments for organizations globally over the next 5 years.
Track cybersecurity metrics
There are several key performance indicators (KPI’s) to track cybersecurity. As we all know, what gets measured gets paid attention to and gets done.
Coming from a manufacturing operations environment, tracking metrics that report time to respond and address issues are vital to run the business. In the cybersecurity space, there are a couple of metrics worth understanding and monitoring.
- MTTI = Mean Time to Identify
- MTTC = Mean Time to Contain
In 2018, according to the Ponemon Institute, the average cost of a data breach per compromised record was $148. Also, it took organizations 196 days, on average, to detect a breach (MTTI = 196 days) and 69 days to contain the issues (MTTC = 69 days).
I have talked to leaders and board members about their concern about using industry 4.0 technologies to take their businesses to the next level. One topic they typically mention is the fear of the unknown of connecting their operations to a cloud and the cybersecurity risks associated with that. When I have that dialogue with technology providers and cybersecurity experts, they assure me there are ways to plan to avoid those risks. The NIST cybersecurity framework talks about these actions that need to be part of that plan:
Identify — Protect — Detect — Respond — Recover
The purpose is to share what I’ve researched, learned, and considered necessary for my clients to realize. Leaders need to seek the support of subject matter experts to act upon this significant new territory called the cybersecurity.
I dedicate my services to engage as a collaborative partner to help leaders and organizations figure out how to be successful in the process of digital transformation. Moreover, navigate through an unprecedented amount of complexity and speed of change of industry 4.0 technologies.
I assist by assessing and facilitating the readiness of the leaders who will define the course of the transformation and the workforce who are the ones to adopt the technologies so that the benefits get realized.
If you found this blog/article helpful, please add a comment below and share it. If you are interested in working with Alba or learning more, let us know here.