Manufacturers are increasingly turning to automation to stay ahead of ever-changing cybersecurity challenges and to minimize the damage once a cyber breach occurs.
The impetus behind this trend is simple: the risk of cyberattack is growing faster than the availability of qualified cybersecurity personnel to defend against them. According to the National Initiative for Cybersecurity Education (NICE), demand for cybersecurity specialists far exceeds supply, and the shortage will only worsen over the next few years, particularly in the areas of visibility and detection and incident response.
The need for cyber specialists is particularly acute among manufacturers as they move to a fourth industrial revolution model. Cyber risk has grown exponentially as manufacturers no longer have a simple on-premise network and are increasingly using cloud-based, machine learning and other Industry 4.0 applications. This creates additional points of vulnerability that can be exploited by cybercriminals. In addition, manufacturers must guard against cyber espionage of trade secrets and cyberthreats to plant operations—both of which can lead to business disruptions and carry significant risk of financial loss.
What’s more, cyberattacks themselves are increasingly automated. Today, the lone hacker has been replaced by armies of automated bots capable of mounting sustained and sophisticated attacks against company defenses.
As a result, manufacturers today recognize that not all cyberattacks can be prevented. Increasingly, the focus is on detection and containment—areas where automated processes can play an important role in limiting the damage caused by a breach.
To keep pace with these challenges, businesses are spending big. Morgan Stanley’s research estimates that the cybersecurity market will be worth approximately $183 billion by 2020. While that number pales in comparison with the estimated $4 trillion that manufacturers will spend on Industry 4.0, cybersecurity is arguably a critical prerequisite for success.
Manufacturers looking to bolster their cybersecurity defenses need to adopt a business-first versus a technology-first approach. This involves understanding the broader business priorities and risks associated with Industry 4.0 and the Internet of Things so that the appropriate talent and resources can be put in place to support the company’s cybersecurity strategy.
Increasingly, that resource mix includes automation. By automating common and frequently repeated processes, the company’s more experienced employees have additional time to focus on understanding cyber risks and developing an appropriate action plan to mitigate those risks.
Today, automated processes can be used throughout the cybersecurity operating lifecycle—from upfront preventative measures through to detection and response initiatives. In particular, automation offers the advantage of increased speed and range of coverage in responding to cyber incidents at the point where a manufacturer’s ability to detect and respond quickly is critical to minimizing damage and cost.
For example, automation allows a company to collect, correlate and process large volumes of threat data from around the network. Findings from this analysis can be used to predict an attacker’s next move so that protective measures can be coordinated under pre-defined security protocols and rapidly deployed across the system.
Each of these steps—detection, analysis, decision making and protection—need to happen in as close to real time as possible to keep pace with the speed of the attack and to minimize ’dwell time.’ This refers to the time an attacker is inside an organization’s network until detection. According to a recent m-Trends 2018 report from security firm, FireEye, the median dwell time globally was up to 101 days in 2017 from 99 in 2016, although it dropped to 75.5 days from 99 days in the Americas.
Reducing dwell time is critical to minimizing the damage that an attacker can wreak on a company’s assets. And that’s why automation has emerged as such a valuable tool.
Automating cybersecurity processes and using advanced visualization tools with sophisticated data aggregation, scrubbing and correlation features can help security personnel filter out unwanted “noise” and focus on the critical information needed to reduce dwell time and speed decision-making.
These measures are critical in addressing the shortage of skilled cybersecurity specialists available to manufacturers. They allow organizations to deploy their best people for more strategic analysis and planning roles. And they give those employees the tools they need to more efficiently and effectively counter the ever-rising wave of cyberattacks.
Shane Sims and Danny Le are both Principals with KPMG Cyber Security Services.