Smart factory operators are well aware of the cyberthreats they face but acknowledge lack of readiness to defend against them. Credit: Elenabs / Getty Images Organizations operating smart factories largely agree that cybersecurity is a critical component to their operations. Many, however, are unprepared to deal with the growing number of cyberthreats against them, according to a report released last week by Capgemini, a provider of technology and digital transformation consulting services.The report, based on a survey of 950 organizations globally, finds that 80% agreed that cybersecurity is a critical component of a smart factory’s operations and while more than half (51%) acknowledge the number of cyberattacks will likely increase over the next 12 months, their current levels of preparedness are low.Many of the executives contacted for the survey say they will be unable to respond effectively to cyberattacks in their smart factories and manufacturing locations. What’s more, many organizations say their cybersecurity analysts are overwhelmed by the vast array of operational technology (OT) and industrial internet of things (IIoT) devices they must track to detect and prevent attempted intrusions. Given the recent exponential increase in the number of connected devices within smart factories, the report notes, this is a problem that will only grow, especially since the number of IIoT connections is expected to reach 37 billion by 2025. Heavy industry most exposed to riskCapgemini reports that cyberattacks on smart factories appear to be both pandemic- and recession-proof, with 73% of the organizations that had suffered a cyberattack did so in the last 12 months. Organizations in heavy industries were the most impacted by cyberattacks on their smart factories (58%), followed by pharmaceuticals and life science companies (44%). “Because the assembly line in heavy industries is so robust—you have more complex operating systems, more complex software, more patches applied on a regular basis—the risk profile is much more exposed in heavy industry,” explains Capgemini Americas Vice President of Cybersecurity Strategy Dave Cronin.For pharmaceuticals, Cronin continues: “They’re aware of the issues but are much more reluctant to spend because they’re not forced to spend. There are no laws or compliance requirements.” At the low end of the attack table were plants in the automotive (36%) and aerospace and defense industries (33%). One reason smart factory security in the auto industry is better than other verticals is that it’s been at it longer. “They got a head start on this five or 10 years ago,” Cronin says. What’s more, “With all the research and development that’s gone into automated and driverless driving, the safety impact of that is understood so they’ve been more proactive with their cybersecurity strategy. They realize the reputational damage that could be done if they messed something like that up.”Skills shortage, shadow IT present security challenges to smart factory operatorsMore than a quarter of the organizations impacted by cyberattacks (27%) say they’ve seen the infiltration of unsecured IIoT devices for use in DDoS campaigns increase by 20% since 2019. In a similar vein, nearly three in ten organizations (28%) saw a 20% increase in employees or vendors using infected devices to install or patch smart factory machinery.The report also identifies some key challenges to getting cybersecurity initiatives off the floor in smart factories. For example, skilled manpower is a problem. More than half of the outfits surveyed (57%) say the scarcity of smart factory cybersecurity talent is much more acute than that of IT cybersecurity talent. Shadow IT is another challenge raised by smart factory operators. Capgemini reports that more than three-quarters of the organizations surveyed are concerned about the regular use of non-standard smart factory-specific processes to repair or update OT and IIoT systems. In addition, more than half the organizations (51%) say that smart-factory cyberthreats primarily originate from partner and vendor networks.Despite the high level of unpreparedness, there is a reason for some optimism, Cronin maintains. “It’s not all doom and gloom,” he says. “There are some companies taking appropriate steps. However, as these factories get overhauled and redesigned, for those that don’t take a proactive approach and assume everything is going to be fine, there will be additional problems.” Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe