AVANT is a leading IT services facilitator and adviser focused on next generation IT solutions for the industrial sector. The company recent surveyed 300 CIOs to assess the rate at which third-party and/or cloud-based solutions are replacing legacy solutions in their tech stacks. The report found that many manufacturing companies mistakenly think they’re at lower risk of a cyberattack. A copy of the report can be accessed here.
We recently sat down with Ron Hayman, Chief Cloud Officer & COO at AVANT to some added insight on industrial cybersecurity and the industry's current state of preparedness against such attacks.
Jeff Reinke, Industrial Equipment News: How would you rate the U.S. industrial sector's level of preparedness when it comes to cybersecurity or facing a possible cyber-attack?
Ron Hayman, AVANT: Based on our findings in the State of Disruption Report, manufacturers are not changing the way they are handling security by leveraging third-party security companies. They are not evolving the way other sectors are in the accelerated use of Managed Security Services Companies (MSSPs).
The lack of security know-how puts the manufacturing industry at high risk. Based on our expertise, we believe the U.S. industrial sector has earned a “D-” for its cybersecurity preparedness. By failing to adopt third-party security service providers, the manufacturing industry lacks access to key intelligence and data collection that is typical to the MSSP industry. For instance, companies like Trustwave proactively search the dark web and review the threat landscape by industry.
With the unemployment rate for cyber security at zero, it’s clear that more companies are placing a laser-focus on this area -- and it’s in the best interest of manufacturers to follow suit. But the challenge, for most, lies in attracting and retaining top talent. Resolving this issue requires a level of expertise. Manufacturers tend to find themselves competing for the caliber of talent they need to survive today’s sophisticated threats.
JR: Why do you think there's such a high level of false security with U.S. manufacturers?
RH: There are a few reasons for the false sense of security that U.S. manufacturers have. Most organizations’ security spend is based on meeting compliance requirements. Because the focus is on compliance, and not overall security, organizations will only achieve the minimum and spend their money on robotics, factory workers, and engineers.
U.S. manufacturers also underestimate the value of intellectual property to the developing world. Many manufacturers believe that they’re safer -- not because their security is so good, but because they are not retail shops with large records of customers with credit cards or other high-value target information. They fail to realize that their intellectual property is at risk from bad actor nation-states and foreign manufacturers that covet U.S. technology innovations.
It takes an average of 55 days to identify a breach. And what’s even more alarming, is that many organizations don’t know they’re breached until a third-party like Homeland Security or the FBI informs them.
JR: What are the benefits of bringing in a third-party solutions provider for IT security?
RH: 3.5 million cybersecurity jobs are predicted to be unfilled by the year 2021. Manufacturers’ risk is too dire to keep competing for full-time talent, lest they look up in 2021 and still find themselves in need. It’s necessary for IT leaders in this sector to begin partnering with managed security service providers (MSSPs).
These partners can recruit and retain top talent while providing technical expertise across multiple disciplines of security. Companies who rely solely on compliance requirements for protection will find themselves at risk in the ever-changing cybersecurity landscape. Working with an MSSP can help you tackle the security, compliance and governance requirements necessary to secure an environment.
JR: Looking to the future, what do you think will be the most important steps for U.S. manufacturers to take in protecting their IT infrastructure? Are there any specific technologies that will need an increased rate of adoption in order to help the industrial sector?
RH: As geopolitics continue to influence companies’ choices on where they manufacture products, we can expect cyber attacks focused on intellectual theft and sabotage from nation-states to increase. Also, as 5G and IoT devices become more prevalent in the manufacturing space, it will be necessary to partner with managed service providers to ensure that these devices maintain up-to-date firmware and are protected.
This is the only way to ensure that they don’t become weaponized for future denial-of-service attacks. Additionally, as sensors are implemented to automate production and allow for remote management, the risk for infiltration for the purposes of sabotage and information collection will increase.