2/8/2019
07:00 AM
Larry Loeb

How Secure Is Manufacturing?

Study finds that manufacturing industries struggle to find skilled cybersecurity staff and are underspending on training – but it's not all bad news...

Manufacturing has not attracted a lot of the security glitz afforded to other sectors. Yet prior research has found manufacturing to be the most targeted sector for coordinated cyber espionage.

The Information Systems Audit and Control Association (ISACA) and the Digital Manufacturing and Design Innovation Institute (DMDII) partnered to survey the global manufacturing sector and see what was going on. The survey involved 167 participants from across ISACA, DMDII and the Manufacturing Extension Partnership stakeholders.

The organizers admit the survey had a small sample size, but say they have "plans to expand this research with a larger-scale survey in the future."

The study found that manufacturers are still grappling with security concerns, including those related to Internet of Things (IoT)-integrated devices, employee security, and the errors employees may cause. Respondents also continue to struggle to find skilled cybersecurity staff and are probably underspending on security training.

However, positive results were found on many fronts compared to other sectors.

  • 78% of manufacturing organizations have a formal process for dealing with cybersecurity incidents, and 68% have one for ransomware attacks.
  • 77% expressed confidence in their security team's abilities to detect and respond to advanced persistent threats (APTs).
  • 34% noted they were experiencing more cybersecurity attacks today than a year ago, compared to 62% across all industries from ISACA's 2018 State of Cybersecurity survey.
  • 74% indicated they believed their organization's cybersecurity training budgets would either increase or at least be maintained at current levels; only 4% anticipated a decrease in the coming year.

Some areas still need attention.

  • 75% of manufacturing organizations have a program in place to promote cybersecurity awareness among their employees, but only 37% believe that their programs are very to completely effective.
  • 47% of manufacturing organizations are spending less than US $1,000 on average each year on continuing education opportunities for their staff -- versus 25% in other industries -- and nearly one in ten reported that their enterprises spent nothing on average each year on these educational opportunities.
  • 81% of manufacturing organizations are somewhat to very concerned about the potential cybersecurity risks with personal, Internet-connected devices. Fifty-eight percent don't allow those devices to connect to the corporate network and 72% don't allow those devices to connect to the corporate network on the manufacturing floor. BYOD is not in fashion in the manufacturing sector, it seems.

Finding skilled cybersecurity staff remains a problem for manufacturers. Respondents indicated it takes an average of five months to fill open positions and 61% of hiring managers said less than half of applicants are qualified.

Frank Downs, director of cybersecurity practices at ISACA, said in a prepared statement that, "Though the manufacturing industry has made great strides in addressing security issues, this research illustrates the need for organizations to elevate cybersecurity as a priority to build the foundation of its cybersecurity culture, better secure their operations, and strengthen the global digital economic ecosystem."

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
