Technology is advancing, allowing more data to be stored in cyberspace rather than in a physical location. The Industrial Internet of Things (IIoT) gives companies that create and use IoT-enabled products in a supply chain warehouse setting the ability to leverage information that was previously inaccessible. However, while this new world represents great strides in productivity and management, it also comes with massive risk.
According to Tripwire, nearly 100 percent of IT security professionals expect that the IIoT will see an increasing rate of cybercrime in the coming years. More alarming, fewer than half feel that their organizations are prepared to prevent or respond to these cyberattacks. Around 35 percent did not even recognize the danger. Regardless of company size, all IIoT organizations feel that they are at increasing risk.
Knowing Which Devices Must Be Protected
Part of preventing cybercrime comes from understanding which devices are at risk of being exploited by hackers. In short: all of them. Every single machine that stores data and has access to the network can be used to infiltrate a company. This means that an organization encrypting its computers with double passwords will still be vulnerable if a device like an IIoT-enabled printer or conveyor belt is left unguarded.
Cybercrime is different from traditional crime. If a criminal smashes the lock on a filing cabinet, he or she only has access to those files. By contrast, a single compromised IoT-enabled device can expose the entire network. Some companies, such as HP, are taking initiatives to educate their clients on the potential risks that all IIoT devices possess. Awareness is the first step in an effective cybersecurity strategy.
"Every machine that stores data or has access to the network can be exploited."
One other factor to be aware of is corporate Bring Your Own Device (BYOD) policies. These allow company employees to augment mandated tech with their own personal devices. Though this measure can increase productivity, it opens a dangerous security gap. A device like a smartphone, for instance, can quickly end up storing both personal and professional data. This device can then be sold, given away or lost without the company even being aware of its existence.
Mixing personal and professional is not a safe strategy and should be avoided to achieve a secure workplace.
Training Employees to Be on Watch Against Cyberattacks
Education follows awareness. Every employee who interacts with the network must understand how it functions as well as how cybersecurity policies keep it safe. This training must be kept consistent as cybercrime tactics are continuously evolving. It is important to remember that cyberattacks come in a variety of methods, including phishing, malware and ransomware.
The common thread is that all of these breaches exploit employee ignorance.
"A specific individual or group needs the power to implement cybersecurity policy."
Hiring Experts When Needed
Having the right employees matters when dealing with a cyberattack. While the temptation may be to bundle the duties of information security under other IT work or even under operational technology (OT) jurisdiction, this is not a good idea. Gartner stated that this method would not allow a proper cybersecurity standard to be put into place - much less be a cost-effective solution.
Normal IT departments already have their hands full maintaining day-to-day operations and updating software/hardware as needed. A specific individual (or group) needs to be given the power to implement cybersecurity policy, as well as have the devoted time to monitor against attacks.
Forming a Plan Against Cyberattack
When a cyberattack does happen, time is paramount. The manufacturing industry has been speeding up. A delay of a full day would be costly in more than one way. On top of that, a multitude of actions need to happen very quickly: legal counsel should be notified, the cybersecurity team needs to identify the leak source, stop the leak and take measures to ensure that any immediate follow-up attack is also thwarted - all while the PR team debates a statement.
Digital Guardian asked a host of experts from various industries and found that all agreed that forming and maintaining a plan on how to respond to a cyberattack was prudent policy. The plan should not be a rigid protocol but rather be allowed to develop alongside technological advancements.
Cybersecurity is not a sector of security; it is an entirely new frontier. The IIoT is designed to optimize the supply chain, speeding up every phase. A cyberattack can derail this entire advancement, leading to a disaster that costs millions to resolve.