A Challenge for Manufacturers – A Must for M&A

industrial internet of things connected factory and worker

A major theme revolutionizing the manufacturing industry and forcing the adoption of new processes and technologies is interconnectedness and the Industrial Internet of Things (IIoT).

IIoT refers to the interconnected network of industrial devices, machines, and systems that communicate with each other. IIoT has enabled manufacturers to make informed, strategic decisions using real-time data and achieve a wide variety of goals, including cost reduction, enhanced efficiency, improved safety and product innovation. It is estimated that there will be more than 75 billion networked devices online by 2025.1

While IIoT has brought significant benefits, such as improved efficiency and cost savings, it has also opened new security risks for manufacturers and risks for companies considering a merger, acquisition or financing transaction. A 2022 report by IBM, the X-Force Threat Intelligence Index, noted for the first time that manufacturing was the most targeted industry for cyber-attacks. They noted a 33% increase in attacks caused by vulnerability exploitation of unpatched software, a point of entry for ransomware to fracture global supply chains.

The Association of Equipment Manufacturers also noted that phishing and ransomware have ramped up 239% since 2019. Such attacks shut down computer systems and can hold a company captive until they pay a large sum of money. As companies automate, they can actually become more vulnerable to network hacks. Encryption updates, cyber insurance and staff training should be part of every company’s cybersecurity strategy.

One of the significant challenges with IIoT cybersecurity is the diverse range of devices and systems involved in the network. Each device can have its own unique vulnerabilities, making it challenging to create a comprehensive security strategy. Additionally, most of these devices are designed to operate in a closed network, and security was not a primary concern when they were developed. Security was an afterthought for many early-generation IoT applications. As a result, many IIoT devices lack the necessary security features and protocols to protect against cyber threats.

Another issue with IIoT cybersecurity is that these systems often have a long lifespan, making it challenging to update their security features. While regular updates and patches can address some vulnerabilities, many legacy systems lack the ability to support the latest security protocols, making them easy targets for hackers.

The IIoT cybersecurity risk is not limited to cyberattacks, as physical security also becomes a significant concern. An attacker, competitor, disgruntled employee or former employee who gains access to an IIoT device can manipulate it to cause physical damage or simply disrupt manufacturing, leading to severe consequences.

To mitigate the risks associated with IIoT cybersecurity, manufacturers need to look at this as a strategic business issue and not a technology problem.

Strategically implementing a comprehensive security strategy that covers all devices and systems in the IIoT network and operational technology overall is crucial. This includes implementing secure communication protocols or encryption of data, regularly updating software, securing and managing relationships between devices and identities, patching vulnerabilities and seeking to identify areas where traditional security controls may break down and expose a system to cyberattack.

Cyberattacks damage a manufacturers reputation, production, customer identities and competitive advantages, and can critically diminish the value of a pending or future M&A or financial transaction. Buyers, sellers, investors, and lenders are not only looking at the damage from actual cybersecurity breaches, but also assessing potential cyber risks as they relate to a deal. Manufacturers need a cyber preparedness strategy to protect against current threats and emerging vulnerabilities. Investing in a program to identify, protect, respond to, and recover from cyberattacks should be a priority.2

As with so many other issues, manufacturers should also prioritize educating and training employees regarding cybersecurity best practices. As humans are often the weakest link in security, employees need to understand how to identify potential security threats and how to respond to them.

Experts have said that we have been “building the plane while flying it,” when it comes to the rapid implementation of IoT. Manufacturers need to identify that there are vulnerabilities to the implementations they have done and are continuing to do while they improve their operations.

Not implementing IIoT isn’t an option in today’s competitive manufacturing environment as the value to operational improvements is too great. Identifying weaknesses and opportunities in security is key as this issue becomes even more important in strategic M&A endeavors.

Learn more about all the innovation happening with IIoT, including key trends driving value in our Manufacturing Sector report here.

1) – Internet of Threats – Securing the Internet of Things for Industrial and Utility Companies
2) – Cybersecurity for smart factories – Tools for managing cyber threats to manufacturing