Dominic Carroll

Comment: How manufacturing organisations can ensure cyber resilience

Opinion

Manufacturing organisations are on the front line of cyber attacks, with a recent survey finding that 78 per cent have experienced a cyber breach, says Dominic Carroll, director of portfolio at e2e-assure.

A cyber attack can be particularly catastrophic for the manufacturing industry
A cyber attack can be particularly catastrophic for the manufacturing industry - AdobeStock

A breach can be particularly catastrophic for the manufacturing industry as it has the potential to significantly disrupt business operations, leading to production lines being halted, resulting in long-lasting financial ramifications for themselves and potentially partners in their supply chain.

Most manufacturing organisations told our e2e-assure survey that they fully outsource their cyber security operations (54 per cent), but with only 19 per cent describing themselves as resilient, this raises the question of whether outsourced providers are performing adequately.

What are the key frustrations faced by the industry?

When asked about their top frustrations, over a quarter of manufacturing CISOs (27 per cent) stated that their provider was not being proactive. We also uncovered that over a third (35 per cent) felt that their provider was escalating too many false positives.

All too often providers appear to rely on re-selling pre-configured product offerings that may not be tailored to the specific needs of an organisation. In addition, these organisations rarely receive timely security updates or patches, meaning they struggle to respond to emerging threats, as true positives fail to be identified.

Agility is a key priority for manufacturing organisations, but with over half (53 per cent) stating that they don’t have flexible contracts, and with 34 per cent reporting that they have to bolt on services, there is a risk that organisations which are already over stretched or underfunded, will struggle to ensure their cyber provision continues to be fit for purpose over time.

Are the benefits of SOC-as-a-Service being realised?

With the majority of those in the sector (54 per cent) fully outsourcing their cyber security operations, alongside the exponential growth of SOC-as-a-Service, it remains one of the most popular cyber operations, with over a quarter (27 per cent) choosing this approach.

Indeed, we found that a large majority (65 per cent) of manufacturing organisations said their SOC is either okay but has room for improvement, or that they’re looking to make changes (25 per cent).

Key frustrations include the continual need to bolt on new service offerings to meet security needs (50 per cent), and long and complex contract terms that make editing the service or switching provider difficult (35 per cent).

Having a flexible cyber security solution, both technically and commercially, is integral for manufacturing organisations in supporting them to scale their security services based on changing business needs and evolving cyber threats. With the industry introducing new systems and technologies to help streamline production, having the ability to adapt their cyber security services to meet changing demands is essential.

Ensuring cyber resilience with Attack Disruption

Organisations should question providers on their ability to immediately contain threats and ensuring that they use the latest automation technology, isolating incidents first and investigating them immediately. By this, I mean where appropriate rulesets and automation are utilised to detect suspicious account activity, with the account being temporarily disabled.

SOC analysts are then immediately notified of a high priority incident, which is then triaged as being a true or false positive. If the result is a false positive, then the account or EUD (End User Device) is re-enabled, if it’s a true positive then the next steps in the response process are activated. This makes a manufacturer’s environment increasingly difficult to bypass as attackers must take an entirely new approach and operating model to have any hope of going undetected.

Driving ROI

It’s important that organisations push for closer integration so providers can better understand their environment, leading to greater ROI.

Organisations should ensure they demand more proactive and up-to-date reporting to drive quicker decision making. This is essential for measuring risk reduction. Tools such as dashboards or heat maps can be used to provide a comparison of the level or risk before and after implementation.

Providers should also be able to give visible metrics pertaining to the reduction in time spent on activities such as manually analysing alerts. This is even more of a priority for manufacturing organisations which must act fast to avoid occurrences such as theft of IP. Providers should be able to give clear KPIs including the Mean Time To Detect (MTTD) as well as Mean Time To Respond (MTTR) which critically highlight how long it takes to neutralise an incident when a threat is detected.

To conclude, it’s vital that manufacturing organisations have a deep understanding of the cyber threat landscape, with attacks on the industry showing no signs of relenting in 2024.

Dominic Carroll, director of portfolio at e2e-assure

cyber resilience