
How to Manage Cybersecurity Risks in the Age of IIoT

Written by Robert Brice
January 9, 2018

How the Rise of Industry 4.0 Creates Need for New Security Measures

Cybersecurity is critical to manage risks in the age of IIoT

As the rise of the Industrial Internet of Things (IIoT) brings increased efficiency and productivity to the supply chain, it also raises the cybersecurity risks that come with it.

Technology is advancing, allowing more data to be stored in cyberspace rather than in a physical location. The IIoT allows companies creating and using Internet of Things (IoT)-enabled products in a supply chain warehouse to leverage information in ways that were previously inaccessible. However, while this new world represents great strides in productivity and management, it also comes with massive risk.

According to Tripwire, nearly 100 percent of IT security professionals expect that the IIoT will see an increasing rate of cybercrime in the coming years. More alarming, fewer than half feel that their organizations are prepared to prevent or respond to these cyberattacks, while around 35 percent did not even recognize the danger.

Regardless of company size, all organizations should recognize the risks in the age of IIoT.

Knowing Which Devices Must Be Protected

In short: all of them.

Part of preventing cybercrime comes from understanding which devices are at risk of being exploited by hackers. Every single machine that stores data and has access to the network can be used to infiltrate a company. This means that an organization encrypting its computers with double passwords is still vulnerable if a device like an IIoT-enabled printer or conveyor belt is left unguarded.

As IIoT devices become more common, identifying new potential security vulnerabilities is more critical than ever.

Cybercrime is different from traditional crime. If a criminal smashes the lock on a filing cabinet, he or she only has access to those files. Any single IoT-enabled device can be used to breach the entire network. Some companies, such as HP, are taking initiatives to educate their clients on the potential risks associated with IIoT devices. Awareness is the first step in an effective cybersecurity strategy.

Every machine that stores data or has access to the network can be exploited. A specific individual or group needs the power to implement a cybersecurity policy.

Other factors include corporate policies like Bring Your Own Device (BYOD). BYOD allows company employees to augment mandated tech with their own personal devices. While this measure can increase productivity, it also creates a dangerous security gap. A device like a smartphone, for instance, can quickly store both personal and professional data. This device can then be sold, given away or lost without the company even being aware of its existence.

Mixing personal and professional is not a safe strategy and should be avoided to achieve a secure workplace.

Training Employees to Be on Watch Against Cyberattacks

Education follows awareness. Every employee who interacts with the network must understand how it functions as well as how cybersecurity policies keep it safe. This training must be kept consistent as cybercrime tactics are continuously evolving. It is important to remember that cyberattacks take a variety of forms, including phishing, malware and ransomware.

The common thread is that all of these breaches exploit employee ignorance.

Hiring Experts When Needed

Having the right employees matters when dealing with a cyberattack. While the temptation may be to bundle the duties of information security under other IT work or even under OT jurisdiction, this is not a good idea. Gartner stated that this method would not allow a proper cybersecurity standard to be put into place, much less offer a cost-effective solution.

In-house IT departments already have their hands full maintaining day-to-day operations and updating software/hardware as needed. A specific individual (or group) needs to be given the power to implement cybersecurity policy, as well as have the devoted time to monitor against attacks.

Consider hiring cybersecurity specialists or consultants to ensure your security policies are effective.

Forming a Plan Against Cyberattack

When a cyberattack does happen, time is paramount. In industries like manufacturing, the loss of even one workday due to a cyberattack can prove costly.

On top of that, a multitude of actions need to happen very quickly: legal counsel should be notified, and the cybersecurity team needs to identify the leak source, stop the leak and take measures to ensure that any immediate follow-up attack is also thwarted—all while the PR team debates making a public statement.

Digital Guardian asked a host of experts from various industries and found that all agreed that forming and maintaining a plan on how to respond to a cyberattack was prudent policy. The plan should not be a rigid protocol but rather be allowed to develop alongside technological advancements.

Cybersecurity is not a sector of security; it is an entirely new frontier. The IIoT is designed to optimize the supply chain, speeding up every phase of operations. But as the risks in the age of IIoT become more acute, a cyberattack can derail this entire advancement, leading to a disaster that costs millions to resolve.