Previously a concept associated with millennials and tech-startups, working from home and connecting exclusively online has become the new normal for many organisations. It is a trend that is set to continue for the foreseeable future.
While both businesses and individuals have been quick to adapt, their focus has consistently been on maintaining business continuity. Governments and corporations alike are leaning heavily on technology for their primary modes of communication and information sharing.
In Australia’s manufacturing sector this is the same. Factories dependent on manually-operated machinery – are now looking for ways to scale up automation to at least enable basic processes to be carried out remotely, in order to limit the number of workers that must be physically present on the factory floor and prepare for the event we are pushed back into remote working situations to manage the spread of infection.
However, this heightened integration of and dependency on digital infrastructure has resulted in a greater vulnerability to cyberattacks. For one, there has been the mass migration of sensitive information on unsecure networks – one common example being employees accessing confidential files remotely or on personal laptops. People are also spending more time online for both work and leisure. In the rush to revert to business-as-usual, speed has been prioritised over safety.
Cybersecurity is even more complicated and multi-faceted in the industrial, manufacturing, pharmaceutical, and R&D, sectors. Companies in these industries face the challenge of merging legacy infrastructure, decades of paperwork-based record-keeping, as well as on-site machinery and information-sharing systems, while also having to ensure that intellectual property, as well as safety and quality standards are not compromised.
Weaving a Robust Safety Net
Bringing together the right combination of technology and processes presents its own challenge. Not every organisation has existing employees equipped with the requisite knowledge and skills required to understand not only where the gaps are, but also how to design, deploy and maintain more secure and connected systems. In addition, such systems should be designed and deployed with a comprehensive view of cyber security.
A holistic approach to industrial security must be enterprise-wide – from the mailroom to the factory floor and executive boardrooms – encompassing every single end-device. More important than the technology itself, are the people who embody the organisation; its employees. Risk management must account for all factors: people, processes and technologies. It merges the strengths and capabilities of the IT and operations teams – both of which are indispensable in securing network infrastructures.
Identifying Areas for Improvement
First, a security assessment should be conducted to identify all the current and anticipated risks and vulnerabilities an organisation is and could be exposed to. A thorough assessment will account for software, networks, control systems, site-infrastructure nuances, policies, procedures and even employee behaviours.
The foundation an effective cybersecurity strategy is built on comprises of the following:
- An inventory of authorised and unauthorised devices and software
- Detailed observation and documentation of system performance
- Identification of tolerance thresholds and risk and vulnerability indications
- Prioritisation of each vulnerability based on impact and exploitation potential
- Mitigation techniques required to bring an operation to an acceptable risk state
Most companies are already facing headwinds from the global economic downturn. While investing in cybersecurity can feel like an additional burden on strained resources, it plays an almost disproportionately outsized role in mitigating risk, deterring bad actors, and reassuring employees, corporate partners, and shareholders.
Working with cybersecurity experts allows for an objective assessment of your organisation’s vulnerabilities. This forms the foundation of an effective cybersecurity strategy which should be able to integrate seamlessly with legacy infrastructure and account for regulatory restrictions, employee behaviours, and industry-specific risks.
A Constant Evolution
Talk of Industry 4.0 began almost a decade ago, but an unexpected impact of the novel coronavirus has been the acceleration of digitalisation for businesses across every country and sector. While innovative technologies such as intelligent automation, cloud computing, and machine learning have been proven to optimise efficiency and reduce overhead costs, organisations must also be ready to deal with the associated risks, namely an interconnected enterprise that is almost entirely housed on a digital network.
Cybersecurity systems and protocols are a crucial component of a successful digital transformation and businesses should seek to continuously review, improve, and upgrade their protective infrastructure accordingly.
Debraj Chakraborty is Business Development Manager, Network & Security Services, South East Asia for Rockwell Automation: With more than 17 years’ experience in the field of Network & Cyber Security Consultation and Services, Debraj is a proven leader in Business Development, having strong commercial acumen in driving customer centric, sales and marketing strategies across multiple countries in South East Asia. He is a frequent commentator and industry spokesperson in the field of cybersecurity amid digital transformation towards Industry 4.0 and Smart Manufacturing. He was previously a speaker for the ICS chapter in Malaysia. Debraj has a bachelor’s degree in Mathematics from the University of Calcutta, India. He holds several professional Cisco certificates pertaining to Networks & Security.