Connected devices can increase manufacturing cybersecurity risks

The Internet of Things (IoT) — the wave of internet-connected products entering the marketplace every day — is expanding at an astonishing pace and increasing the risk of cybersecurity attacks. A recent prediction by International Data Corporation (IDC) estimates there will be 55.7 billion connected IoT devices by 2025, generating almost 80 billion zettabytes of data. To illustrate how massive that amount of data is, one zettabyte is 1 trillion gigabytes.

Cyber risk for manufacturing

Clearly, the IoT offers tremendous benefits, but connected devices can also present significant IoT cybersecurity and privacy risks. For manufacturers, the Industrial Internet of Things (IIoT), a subset of the IoT revolution, further magnifies the attack surfaces that can be exploited by cybercriminals as more network-connected devices are integrated into industrial operations.

While similar in principle to consumer IoT devices, such as virtual assistants, smartwatches and other wearable technologies, IIoT devices in manufacturing perform very different roles. Examples include everything from sophisticated robots on a factory floor to smart sensors performing real-time digital intelligence and production control functions. What IIoT-connected machines share with consumer IoT devices are potential vulnerabilities to cyberattacks.

Manufacturing cybersecurity breaches

The key cyber risk challenge of the IIoT environment is that formerly standalone equipment is now network-connected to increase efficiency, control, and productivity. With that connectivity comes the potential that cybercriminals might find and use a software vulnerability in production hardware as a point of entry into a company’s network. In some cases, newly acquired IIoT devices have even been compromised by malware during manufacture and initial programming, allowing them to unleash dangerous code into a network as soon as they go online.

The stakes are high. There were an estimated 5.5 billion malware attacks worldwide in 2022, an increase of 2% over the preceding year. An increasing number of those attacks are being directed at midsize manufacturers that historically were lesser targets since they were perceived as less data-rich than corporations with larger quantities of user personal information. Not so anymore. That attack could come from an unanticipated direction, such as a robotic welder on your production line. Odds are that if your company has not already been hit by a cyberattack, it is only a matter of time until it is.

Reducing manufacturing cybersecurity risks

The first step in developing an effective IIoT risk-reduction strategy should be bringing together IT and operational personnel to help them better understand each other’s issues and identify measures that can help protect the business from cyberattacks. Key to this process is identifying equipment most vulnerable to attacks, such as industrial control systems, open platform communication systems, wireless sensors and cameras, internet-connected HVAC systems and systems controlling the utilities serving a facility. Keep in mind that cybercriminals can even leverage wireless office equipment, such as printers, triggering a costly production line shutdown or delivering a ransomware demand.

Manufacturers also need to develop protocols to help ensure firmware installed in new production and control equipment is free of malware that can infect a network after the new equipment is integrated into the production process. Malicious software hidden in the operating system of new production equipment can be programmed to remain dormant and may be difficult to detect until it is triggered when sensing the presence of other devices and an available network.

Finally, a production facility needs intrusion-prevention software customized to the needs of a manufacturing environment. Cyber defenses in an industrial setting need to respond not only to software anomalies that may indicate an active intrusion, but also to the abnormal behavior of operational equipment, such as robots and other connected hardware, which might signal a cyber event is in progress.

Effective risk management in any sphere always begins with a clear understanding of the nature and scope of the risks you face. Understanding the threats that may be associated with IIoT devices can help manufacturers reap the benefits of exciting, new technologies while protecting their productivity, property and people against cyberattacks.

Learn more about Zurich’s cyber products and services.