If you have built a thriving business in the industrial sector, there are endless concerns that occupy your thoughts throughout a workday.
- The difficulty in recruiting;
- The relationship with suppliers and the availability of raw materials;
- The costs of energy, new equipment, space, people and systems;
- Building business relationships that enableproduct distribution
Between bureaucracy, meetings and family, the hours of the day are not enough to do even half of what is needed...
...you rush through the day, watching the years go by faster and faster...
...and meanwhile the industry has evolved, embraced networks and technology - and turned into the so-called Industry 4.0 with benefits and dangers for your business!
Surely you have heard of it?
...but the risks of Industry 4.0 have not jumped on your priority list!
Because there is so much to be solved already that you probably didn't even realize that:
- Portugal saw 33.4% of industrial control systems under attack in 2021 alone;
- On average it takes a company +250 days to identify and contain a data breach;
- Our country is 31st on the list of countries most affected by cyber-attacks - and only behind Brazil in the percentage of users affected by phishing!
Relax: you don't need to shut down all the computers on the Internet, or nail wooden stakes to the windows.
We only suggest that you understand:
- What Industry 4.0 is and how we got here;
- How Industry 4.0 can help your company;
- What threats to your company has Industry 4.0 brought;
- How to defend your industry's IT structure against today's risks.
In this article, I'll give you what you need to make sure your company doesn't join the already long list of victims in the Portuguese business sector. In the end, you will have in hand the information you need to ensure that your production chain does not remain vulnerable.
Ready? Come with me!
Industry 4.0: how did we get here?
Let's organize ideas and understand where the industry came from: what stages it went through and where it is now?
First Industrial Revolution, 1784: This is the era most often studied in history classes. It comprises the creation of the steam engine, hydraulic power, and significant improvements in public transportation networks. It marks the beginning of mechanical production in Britain and the famous railroads;
Second Industrial Revolution, 1870: it was when we started using electric power, when the incandescent light bulb appeared, and when we registered significant advances in chemistry and health. In this phase we see the beginning of mass production and the emergence of the famous assembly line;
Third Industrial Revolution1969: At this stage, technology completely embraces the production chain, thanks to scientific advances and the creation of the Internet. Production becomes automated and depends on electronics and computers. Most industries are still in this phase;
Fourth Industrial RevolutionIt's the age of the Internet of Things, of artificial intelligence and the cloud, of advanced robotics and big data. Of the famous Industry 4.0, where assembly lines manage themselves and man in real time!
Before we dive into the risks and benefits of Industry 4.0 I want to make sure you understand it perfectly:
- The focus now is on the efficiency of productivity and processes;
- Industrial structures, whether machines or production chains, start to function in a modular and decentralized way;
- Systems communicate and cooperate with each other, largely thanks to the famous lloT, the industrial internet of things (memorize this concept because we will come back to it);
- You hear more about the cloud, about cyber-physical systemsdata exchange and automation!
In other words: it is the age of smart factories.
I can tell you, by way of curiosity, that this term "industry 4.0" was created by the German government, with the aim of promoting the computerization of manufacturing and the integration of data in industrial production chains.
But within Industry 4.0, the watchword is IIoT.
It is thanks to the Industrial Internet of Things that entrepreneurs in industry today face new risks and opportunities. And it is about these that we will talk, in the next chapter!
What's in it for me with IIoT?
Attention: this is not a pompous concept with no practical application.
A study conducted by Accenture points out that IIot investments were about $20 billion in 2012 and will rise to +$500 billion by 2020 alone!
Let's start at the beginning: The Industrial Internet of things is the application to industry of the Internet of Things, i.e., the simple use of technologies that enable the online interconnection of devices...
...for higher performance, lower costs, and increased productivity!
The industrial entrepreneur replaces old equipment with smarter resources and seeks benefits such as:
- Safer working conditions
"Every 15 seconds, 151 workers suffer a workplace accident. IIoT solutions for the industrial sector help reduce annual worker illness and injury costs by +220 billion dollars."
- Better cost savings
"It is estimated that IIoT tools will generate $1.2 to $3.7 trillion in economic value annually for this industry by 2025 alone; and that the industry will save $160 to $930 billion with the impact of health and safety optimizations by that time."
- Greater efficiency in operations
"35% of manufacturers in the united states have already started using data collected by sensors to streamline manufacturing processes. These companies expect about 12% in gains over the next five years, thanks to greater process efficiency."
The WatchGuard data I shared above can be summed up in one simple sentence: a more sustained decision-making process, more job security, higher productivity, and more revenue for the company's pockets, with benefits like:
- Inventory monitoring technology;
- Instant resource location;
- Sensors that collect data for predictive analysis.
If you are discovering IIot just now, remember that many entrepreneurs have already realized this.
A PwC article indicates that 73% of companies - not just industries - are now investing in this Internet of Things, and 47% already say that it will be the most important technology for reducing costs, even in the near future.
Is there any other way to maintain levels of competitiveness in this global market? The answer is given by the real stories of some industries in Portugal and in the world, in the following chapter.
IIoT in industries: case studies
An example of the application of the industrial internet of things in Portugal is the case of Volkswagen, in the famous Autoeuropa.
The German company has invested in Industry 4.0 in 2019, in a process where it seeks to integrate in the cloud +1500 companies in more than 30,000 locations worldwide, including the Palmela branch. The goal?
Increase company productivity by 30% by 2025, through enterprise and cost control, especially through a focus on the industrial cloud.
"The goal is increased efficiency and cost control because, for example, if there is a [new] production quality monitoring process developed in a factory, (...) it cannot be easily replicated because of different software languages or communication protocols, plus it needs local and powerful hardware to operate."
- Vânia Guerreiro, Volkswagen
Finally, let's look at the case of the company Norsk Hydro. And I want to tell you about this case, not because it is a Portuguese company, not to demonstrate advantages of the IIoT, but this time for the worst reasons.
Norsk Hydro is a Norwegian industry, producer of renewable energy and specialist in the extraction of aluminum , which enjoyed a modernized production chain, with all the advantages I have indicated so far...
...but had its system hacked by cybercriminals...had its operations frozen for months and lost more than 62 million Euros!
All this as a result of a ransomware attack on an employee who opened an infected email...
...from a reliable source!
➡️ Download our free Manual of Good Practices - Computer Security
The list of companies attacked in Portugal continues to grow and, according to an Osterman Research studystudy, the rate of attacks rose 71% in the last 12 months alone.
I will not elaborate on the precautions to take in order to avoid a ransomware attack or a phishing attemptbecause we have written all you need to know in previous articles on this website...
...but in the next chapter, I will explain how you should protect yourself if you have adopted IIoS technologies to optimize your industry's production chain!
What risks does the industry face?
It is important to establish that in this industry an attack is rarely an "accident": 60% of cyber-attacks on industries are in pursuit of intellectual property.
Yes: IIoT technologies have unequivocal advantages. But they share the same pitfalls that have plagued networked systems. Remember that most of the time when an industry acquires a new technology to improve its production chain...
...the security system is sold separately!
Before we get into concrete threats (and solutions for each of them) let's recap the six categories of protection that you should be aware of:
- Network security, i.e. protecting your networked production chain against unwanted outside intrusions;
- Operational security, that is, managing the permissions that each employee has to access and handle files with sensitive data and trade secrets;
- Information security, i.e. caring for the integrity of the data in circulation and the protection of the devices that store it;
- Application security, i.e. keeping software and devices integrated in the production chain up-to-date and protected against unwanted intrusions (physical or digital);
- Disaster recovery plan, i.e., contemplate a plan that ensures access to data and equipment critical to the company's operation, even in case of an attack;
- Training in best practices and cybersecurity, i.e., preventing the company's employees from putting the company at risk, since they are the most common gateway to new cyber-attacks!
You have modernized your industry. And now: what risks does it face?
All of these categories are present in the day-to-day life of an industry. For the cybercriminal, the gateways multiply. And a Dragos study shows that ransomware attacks on the manufacturing sector have tripled in 2019 alone.
You have to face reality: because of the rudimentary nature of their security processes, manufacturing processes tend to be easy and highly profitable targetsAs a result, the industrial sector is becoming a prime target for ransomware attacks.
At the same time we know that, in 2021 alone, there was an increase of 81% in cyber-attacks on Portuguese organizations - and throughout Europe the crime rate was no different. What to do? What tools to use to prevent the destruction of your production chain?
We will answer this question already below, in the final chapter of this article.
What are the cyber risks in the industry and how do I protect myself?
This chapter has the help of our partner WatchGuard: we will point out the risks that a modernized industry faces and immediately explain to you which solution you should invest in to mitigate the chances of falling into each trap!
"WatchGuard's cloud-managed access points have WIPS, a built-in wireless intrusion prevention system. Thanks to it, they extend the security of IoT devices on the premises of a modernized Industry 4.0.
Leveraging patented Marker Packet technology, WatchGuard offers the industry's most reliable WIPS (Wireless Intrusion Prevention System) and lowest false positive rate. Even better: it withstands the most extreme environments, rain, snow, dust and more."
- WatchGuard on Cybersecurity in Industry 4.0
"Segmenting your network (IIoT, Guest WiFi, corporate network, etc.) helps isolate IIoT devices from other traditional equipment, such as desktops. This limits the destructive spread of an attack, should it happen.
Network segmentation can be easily accomplished with a UTM firewall like WatchGuard's Firebox T35-R - designed to protect networks in harsh environments, withstand dust, moisture and extreme temperatures."
- WatchGuard on Cybersecurity in Industry 4.0
If you are not familiar with the concept, Shadow IT refers to the use of software or hardware within a company without the knowledge of the IT department. In practice, it can be something as simple as an employee sharing files with a colleague via a personal WhatsApp account - just because that way he or she works faster.
The problem is that this kind of practice leads to network overload and increased risk of cyber attack because:
- IT staff cannot verify the security of software or hardware used outside the protected network;
- Nor can they do any kind of management of these tools, such as updating them or running necessary patches .
"WatchGuard's Network Discovery service allows IT staff to map the network behind the firewall, with all known devices, using:
- Data from a mapping check
- DHCP Identification
- HTTP Header Information
- And the WatchGuard FireClient app
The assets on the network are now identified by icons and listed with specific information, such as IP address or device type. This allows new devices to stand out immediately – and enables the IT team to take timely corrective actions.“
- WatchGuard on Cybersecurity in Industry 4.0
Intellectual property theft is a classic threat to the industry sector: 47% of the breaches that happen inside a factory involve the theft of intellectual property. Typically, trade secrets are taken such as:
- New product proposals;
- Own manufacturing processes.
To get them, cybercriminals use techniques such as ransomware - with the goal of finding and later selling valuable informationto competitors.
➡️ Learn how to protect your company from a ransomware attack
"A critical step in protecting access to valuable data on the network is the implementation of an MFA or Multi-Factor Authentication. WatchGuard's AuthPoint goes beyond traditional two-factor authentication and considers innovative ways to identify users seeking network access.
On top of this, thanks to a vast ecosystem of third-party integrations, you can use MFA not only to secure network access, but also to secure access to VPNs and applications installed in the cloud."
- WatchGuard on Cybersecurity in Industry 4.0
"WatchGuard's new DLP (Data Loss Prevention) comes included in all Total Security Suite subscriptions and helps maintain the privacy of your confidential data. It prevents data breaches and enforces compliance by scanning text and files to detect sensitive information trying to leave the network.
When sensitive information is identified in this circumstance, the connection is blocked and/or quarantined - and the designated administrator is promptly notified."
- WatchGuard on Cybersecurity in Industry 4.0
It's shocking data: By 2021 alone, a projected shortage of 3.5 million cybersecurity professionals worldwide is predicted. And because it is a sector that is increasingly dependent on digital infrastructure, business people in the industry have reason to be concerned.
Every industry with IIoT technologies needs qualified candidates in:
- Operational technology (OT), to operate the software and hardware used in the production area;
- Industrial control systems (ICS), to control industrial processes.
Remember that in the absence of ideal resources, the solution should never be to hire unskilled labor. Let me give you a simple example: an IT department that does not know how to train against targeted attacks - such as phishing - allows its own employees to make the company vulnerable to outside intrusions.
➡️ Learn how to prevent a phishing attack in your company
"Sending a member of your team to a branch or factory for an on-site configuration is probably out of the question when resources are limited. But IT staff can do security deployments, right from their office, without the need to travel.
RapidDeploy is a cloud configuration and deployment tool that comes as a standard tool in WatchGuard's Firebox applications. Just connect it to the Internet: the rest can be done remotely, from anywhere."
- WatchGuard on Cybersecurity in Industry 4.0
"Traditional cybersecurity approaches typically rely on manual processes and pre-established policies to block attacks. This becomes more of a challenge when the IT team is small and already overwhelmed with alerts and false positives, letting attacks go undetected for months.
With an artificial intelligence foundation, such as WatchGuard's IntelligentAV, APT Blocker and ThreatSync services, predictive protection:
- It saves time;
- Correlates data:
- You make decisions faster;
- Minimizes human error;
- And it predicts future threat trends!"
"Since factories rarely have their own IT administrator, we simply ask one of the technicians to connect the power and network cables. The rest happens automatically and can be managed by our employees remotely.. RapidDeploy saves us time and expense. For example: replacing a firewall doesn't mean one of us has to fly to the other side of the world!"
- René Clausing, Head of IT at IKN GmbH
I have an industry: where should I start?
If you were interested in some of these tools but fear for the security of your industry's production chain, take a look at what our founder Nuno Diniz told some of the businessmen in the industrial sector that have become our clients:
If you prefer a free online evaluation, remember that you can schedule a 30-minute online meeting with one of our specialists!
