Capgemini in cybersecurity warning on smart factories

Industry 4.0 technology has made smart factories a prominent target for cyberattacks,  according to a new report from multinational consulting company, Capgemini 

The report found that, in 2021,  manufacturing overtook financial services as the most attacked sector. Worryingly, it also discovered that in nearly half (47%) of organisations, smart factory cybersecurity is not a C-level concern.

 The report -  Smart & Secure: Why smart factories need to prioritize cybersecurity - examines how organisations are securing their smart factories, and the challenges they face in doing so.

Key findings include:

• People remain the top threat to cybersecurity. Of firms impacted by cyberattacks in the past 12 months, 28% noted an increase in staff or value chain vendors bringing in infected devices, such as laptops, smartphones and handheld devices to install or patch smart factory machinery.
• There is a disconnect between the C-suite and smart-factory leaders. More than half of respondents (53%) say that smart-factory leaders need to collaborate more closely with CSOs. Poor communication hinders the early detection of cyberattacks, leading to a higher level of damage.
• The skills gap is being ignored. Many organisations say their cybersecurity teams lack the knowledge and skills to prevent smart factory cyberattacks but that the leadership needed to upskill people is lacking.

Mature cyberattack practises key to smart factory protection

The report also found that cybersecurity leaders who deploy “mature practices across the critical pillars of cybersecurity” outperform their peers on cybersecurity measures in smart factories,.

Organisations with such leaders typically are able to recognise attack patterns at an early stage of deployment (74%) and reduce the impact of attacks (72%), compared to just 46% and 41% of their peers respectively.

Capgemini Global Cybersecurity Portfolio Lead Aarthi Krishna said: “As cyberattacks have grown in both frequency and intensity in recent years, the smart factory has become a prominent potential target. 

“By their nature smart factories need to be connected to the cloud or the internet, and while this instant global network connection brings advantages, it also results in a significant increase in the surface area vulnerable to attack via digital means.” 

Firms ill-prepared for risk of cyberattack - Capgemini  

But, warns Krishna, awareness of the mounting risks is not translating to preparedness on an organisational level. 

She says: “Many organisations surveyed say their cybersecurity analysts are overwhelmed by the vast array of operations technology and Industrial Internet of Things devices they must track in their attempts to discover and disable attempted breaches of their security.”

The report advises organisations to tighten up smart factory cybersecurity by:

• Performing an initial cybersecurity assessment across the entire organisation

• Building enterprise-wide awareness of smart factory cyberthreats 

• identifying risk ownership for cyberattacks in smart factories;

• Establishing a framework that monitors and facilitates smart-factory cybersecurity

• Embedding cybersecurity practices tailored to the smart-factory environment

• Having strong governance structures.