The Internet of Things is pretty phenomenal.
It unlocks new workflows and revenue streams, allowing businesses to reach markets they might otherwise never touch. It provides deep insights into customer behavior and internal operations, enabling a whole new level of optimization. Through automation, it makes fields such as manufacturing more efficient and cost-effective than ever.
And it provides cybercriminals with the largest, most porous threat surface the world has ever known.
Last Monday, cybersecurity firm Trend Micro released a survey that revealed approximately 61% of smart factories have been the victim of a cyberattack, reports Dark Reading. For anyone who’s been paying attention, this is hardly a surprise. The manufacturing sector has been an attractive target for cybercriminals for years, thanks to a perfect storm of factors.
- Manufacturing is technologically immature. Over half of global manufacturers still rely on legacy systems, old processes, and outdated security measures.
- There’s a lack of security expertise. Even amongst smart factories, the cybersecurity talent shortage is largely evident.
- They’re a perfect target for ransomware. Manufacturing firms usually operate with extremely tight margins. Even a minor interruption can easily lead to six-figure losses.
- They often work with sensitive product information. For black hats engaged in corporate espionage, manufacturing plants frequently host proprietary information — blueprints, manufacturing specifications, and so on—data which gives a business its competitive edge and can easily do the same for an unscrupulous competitor.
Of course, manufacturing isn’t the only industry that’s lagging in the security space, nor is it the only attractive target. Healthcare, financial services, education…not one of these sectors is as secure as it should be. Not as a whole.
The problem is that even with a well-budgeted security department, a single organization can only do so much to protect itself. Yet, despite this, businesses insist on approaching cybersecurity in the same fashion as their core products. They fiercely guard their processes, policies, and systems, leaving everyone else to their own devices.
But cybersecurity should not be seen as a competitive differentiator. It should not be something one business has, and the others lack. And if we don’t break free of this siloed approach, it’s not IT departments and security personnel who will benefit.
Because while leadership shies away from working together to address malware, ransomware, and other digital incidents, criminals are increasingly working together, according to Security Intelligence. They have no qualms about sharing exploits, providing malicious software to one another, or discussing attractive targets.
It was hard enough to defend against scores of attacks from independent hackers and criminals. As these attacks become more organized and focused, prevention and mitigation may become next to impossible. Unless that is, we learn to work together.
Just as internal communication silos are of no help to anyone, inter-organizational security silos do more harm than good. The threat of cybercrime is not isolated to a single business, industry, or sector. It’s something we all need to face down.
And we need to start acting like it.