As we begin a new year, one trend that will only grow in importance is the critical need for cyber security measures. The Canadian manufacturing sector is known for its advances in digital technologies to enhance the automation of critical processes. Currently, at least 97% of Canadian industrial markets utilize data analytics to drive daily business operations, inform crucial decisions, and develop new products. While this is a step in the right direction, most industry leaders in the Canadian manufacturing sector fail to take cybersecurity with the utmost seriousness and concerns.
According to Datto's 2019 Global State of the Channel Ransomware Report, 32% of managed services providers reported that manufacturing was among the most targeted industry for ransomware attacks.
"It's not surprising that Construction and Manufacturing are top targets for ransomware. These industries are in a constant wave that flows with the ups and downs of the economy. Because of this, much of their work s project-based and recurring revenue is rare. As a result, it makes it difficult to invest in IT staffing or IT services that require monthly fees." - Vince Tinnirello, Managing Director, Anchor Network Solutions Inc. (Source: Datto's 2019 Global State of the Channel Ransomware Report)
According to Jason Myers, Next Generation Manufacturing CEO, Canadian manufacturing firms are complacent in cyber security and securing vital systems and data from malicious actors.
Although most C-suite executives are generally concerned with their cyber security postures, Myers doesn't think most manufacturers can protect themselves adequately. "I don't think most companies have an overall view of the risks they could potentially face. And I don't think most have a risk mitigation system in place – not just a plan, but the procedures, training and everything else – that can effectively assure senior management that their potential [cyber] risk is going to be adequately and appropriately taken care of," Myers notes.
Therefore, it is pertinent to raise awareness among the manufacturing industry leaders regarding the manufacturing sector's cyber threats and the need for advanced security controls.
In a survey involving 500 CEOs, owners, and senior management in manufacturing firms, the following findings came to light:
- First, 93% are overly confident in their cybersecurity implementations for protecting against current and emerging cyber threats.
- 20% indicated that their manufacturing firms are unconcerned about cybersecurity.
- Only 35% of the participants said their companies have developed and implemented a cyber incident response plan.
The above findings concluded that manufacturing organizations are complacent about enhanced cybersecurity postures. Specifically, a significant number of manufacturers are well-versed with cyber threats in online communications, such as eCommerce, email, and text messages, but lack awareness of threats to industrial control systems, products, data, and materials.
Meanwhile, many experts agree that the Canadian manufacturing sector should brace for exponentially increasing risks as manufacturers transform manufacturing processes through advanced digital technologies. Essentially, manufacturing companies require increased cyber security awareness to be more prepared in detecting and responding to attacks.
Current State of Canadian Manufacturing Organizations
The Canadian Advanced Technology Alliance (CATA) recently conducted a study that found that more than 30% of Canadian organizations in the manufacturing sector have poor cyber security practices. As a result, they leave themselves exposed to numerous threats and attack risks. However, in a recent release, Jean-Guy Rens, CATA Alliance vice president, noted that the finding does not imply that manufacturing organizations are doing nothing to protect themselves from modern attacks. "It's just that they have not deployed a comprehensive strategy to this end. The three basic actions of such a strategy involve the regular execution of a full audit of its information systems (IS), the presence of a written cybersecurity program and the appointment of a chief information security officer (CISO)," Rens observes.
The purpose of the study titled Cybersecurity in Canada – Survey of Cybersecurity in the Manufacturing Sector and Critical Infrastructure was to evaluate how companies in the manufacturing sector have implemented cybersecurity controls and requirements. The study found that integrating digitized operational technologies with information technologies, the Industry 4.0 paradigm, is a major trend among Canadian manufacturing entities. In particular, almost two-thirds of Canadian manufacturing companies are digitizing OTs and adopting Industry 4.0 innovations. Therefore, the primary question is how does up to 32% of Canadian manufacturers have poor cybersecurity practices despite modernizing their technological operation?
The main answer is that financial constraints. Manufacturing companies involved in the survey revealed that they have scanty cybersecurity budgets. Almost two-thirds stated that they invest less than $100,000 in cybersecurity in their annual budgetary allocations.
In addition, a lack of a cybersecurity culture in the corporate ladder has seen most manufacturing companies consider cybersecurity as an afterthought or separate discipline. Alarmingly, the survey revealed that 42% of manufacturing organizations lack a CISO position. Although some appoint CISOs, 54% appoint an IT employee, while 59% appoint a CISO that reports to the IT department.
Another critical challenge is the cybersecurity talent and skill gap. A 2020 report on cybersecurity skills shortage reveals that 89 percent of Canadian IT managers agreed that the cybersecurity skills shortage that has plagued the industry for years had created additional cyber risks for organizations. Markedly, the country, like most other places globally, continues to face a chronic shortage of skilled security talent, making hiring a difficult proposition.
Cyber Security is Critical to Manufacturing
In contrast to the perception of most manufacturers, cybersecurity goes beyond a single computing component. Robust cybersecurity protects digital technologies from attacks and breaches and covers third-party security management, supply chain security, employee training and awareness, secure communications, and governance. For example, in reference to governance, a CISO can assist manufacturing companies in defining the type and depth of data that can be accessed by specific employees, including C-Suite executives, which is not a technical function.
Moreover, since cyber-attacks can occur anytime, proactive cybersecurity plays a vital role in crisis management. Managing a cybersecurity crisis requires manufacturers to define and implement appropriate communication channels to ensure a rapid incident response, management, and business continuity. For example, developing and implementing a holistic incident response plan is one thing but training all employees to understand their roles in a crisis is another. Therefore, overlooked disciplines like maintaining a competent CISO or outsourcing cybersecurity functions to a proven managed security provider are particularly important to achieving recommended cybersecurity levels.
How Sentia Can Help
Sentia has been in the cyber security industry for numerous years, and our certified professionals have a vast wealth of experience. Our security solutions are designed to protect manufacturers and secure high-value systems and data from current threats. Some of our services include:
Cyber Security Consulting: With new threats plaguing the manufacturing sector every day, Sentia has a broad cybersecurity portfolio to prevent attacks and breaches. These include vulnerability tests, data leak prevention, and assessing cybersecurity configurations.
Managed Security Services: The digitization of operational technologies and integration with information systems requires a well-equipped in-house security team to thwart threats. However, only a few manufacturers can afford to maintain such a team due to financial restrictions. Fortunately, Sentia works with manufacturers to implement uniquely managed security solutions that meet your business needs. Our managed services include extended detection and response, vulnerability scanning, firewall management, and breach readiness as a service.
With Sentia's team of seasoned professionals, you'll get the consultative advice you need to help your business grow. So let's get the conversation started to see how we can help meet your unique needs to enable you to focus on what matters most – getting business done.
Request a conversation today.