How CPG Manufacturers can Prevent Costly Network Breaches
The convergence of Information Technology (IT) and Operational Technology (OT) has increased vulnerabilities in the manufacturing industry, making it critical for CPG manufacturers to remain vigilant.
Many obstacles have faced CPG companies in the last year, primarily the pandemic, demand volatility, rapid e-commerce expansion, changing consumer preferences, decreasing brand loyalty, and supply chain disruption. As a result, meeting the rise in hyper-digital consumer demands coupled with anticipated low-levels in supply chain-dependent inventory brings additional challenges to industries keeping up with the rise of digital transformation.
Recent research from Accenture indicates that the CPG industry “will see more change in the next 10 years than it has in the last 40." Advancements in technology and disruptors, like the pandemic, are fueling rapid growth in e-commerce. To keep pace, CPG manufacturers are modernizing their operations and supply chains to ensure they can compete in a more digital world.
However, modernizing to meet the demands of a digital economy has created new network security vulnerabilities and made CPG manufacturers a prime target for cyberattacks.
In fact, over 40% of manufacturing firms suffered a cyberattack in 2020. There has been a 62% global increase in ransomware since 2019 (with a 158% increase in North America). According to the FBI, cybercrime cases reached 800,000 in 2020, costing victims a total of $4.5 billion.
As manufacturing continues to make technological improvements to its processes and increase operational efficiency, the IT/OT convergence has taken place in the last several years that is putting businesses at risk. The integration of Internet of Things (IoT) and industrial control systems (ICS) with IT networks is expected to accelerate in the years ahead due to the growing availability of 5G, cloud adoption and improved network communications bandwidth. This means a rising number of devices with disparate operating systems will connect and transmit data across IT networks, significantly expanding the attack surface open to cyberattack.
How Secure is your Business?
For businesses that have invested heavily in IT security and come to rely on partners for protection of their enterprise network, there is a belief that their cybersecurity is "good enough" to meet the current threats. However, the challenge is that most of the IT security methods that manufacturers have relied on for years were not designed to identify or protect operational technology. Manufacturers must be aware that layering IT solutions on top of one another is not adequate protection for these IoT, IIoT and ICS systems and devices.
One such attack was in May of 2021 on the world’s largest meat processing company, JBS, which was hit by a cyberattack that crippled its beef and pork production. The only way for the company to stop the attack was to pay $11 million in ransom. This disruption in meat production was felt across the United States, even though it only lasted a few days before the ransom was paid and the attack was halted.
In March of 2021, Molson Coors Beverage Co. was hit by a cyberattack that disrupted its brewing operations and shipments. While some plants were restored within 24 hours, others were not fully operational for days. The risks of these cyberattacks have cost companies millions, if not billions, of dollars in revenue.
The Biden Administration’s May 12, 2021, executive order directed federal agencies to implement Zero Trust Architecture, as defined by the National Institute of Standards and Technology. These requirements will likely impact manufacturers to take more responsibility for protecting their systems and their supply chain partners, as the risks include not only loss of data, but also loss of life. Put simply, the stakes are high.
CPG manufacturers should review and start to understand the recommended Zero Trust guidelines and use this level of security as the framework for their overall strategy. Their IT systems, including OT and IoT, and existing security standards, should comply with Zero Trust and other federal information security policies. Given the administration’s emphasis and existing trends -- Gartner estimates 60% of businesses will shift to Zero Trust networks by 2023 -- it seems certain that adopting a Zero Trust architecture will ensure not only compliance with the strictest standards, but also the ability to interact with business partners.
How can you adopt Zero Trust to improve your network security?
Most of the IT security methods that manufacturers have relied on for years are not designed to identify or protect IoT/IIoT and OT. The goal of a Zero Trust framework deployed in an enterprise is to verify trust in people, devices, systems, and networks before engaging/interacting with them - and continuously verify that trust to ensure nothing is compromised. It changes the old saying of 'trust, but verify' to 'never trust, and always verify' and that any request for network access must be continuously authorized.
As a core component of Zero Trust principles, micro-segmentation is the emergence of software-defined networks and network virtualization. Access to OT/IoT devices and systems in software can be managed and separated from the industry standard perimeter-focused security tools. Through this proven approach, it’s easier to deploy segmentation across all networks and systems unlike traditional firewalls, intrusion prevention systems (IPS) and other security systems. Micro-segmentation limits potential lateral exploration of networks by hackers. Zero Trust is not software or a specific network. It is, rather, a strategic approach to security.
As CPG manufacturers continue to integrate between companies and their supply chain partners, manufacturers have been warned that the rise in cybersecurity threats is due to both the growth in Internet-enabled devices and operational technology. As cyberattacks on SolarWinds, Bombardier, Colonial Pipeline, and others have demonstrated, these threats put critical and confidential data at risk, as well as jeopardize operations and production.
Partnering with a Zero Trust cybersecurity leaders such as Onclave Networks can help CPG manufacturers protect their smart factories and supply chain. The Onclave network eliminates the attack surface area for operational technology, while simplifying management issues and reducing costs.
ABOUT THE AUTHOR
Scott Martin is CMO of Onclave Networks, Inc., and has nearly 25 years of experience in emerging technology, software, IoT, durables, and consumer products. Onclave provides the first true Zero Trust+ secure communications platform - protecting legacy and new operational technologies from cyberattacks by securing the edge with Zero Trust, micro-segmentation and continuously reassessing trust.