As Companies Go Digital, They Must Prepare for Growing Cyber Threats
The Internet of Things and big data promise much greater productivity for manufacturers, but with these advances also come with rising security risks.
For most Thai manufacturing companies, like manufacturers globally, the move toward digital transformation and Industry 4.0 is not an option. They know they must eventually support the technologies, if they don’t already.
Fueled by the large-scale deployment of connected sensors, combined with big data and machine-learning algorithms, Industry 4.0 is expected to bring the true smart factory closer to reality.
Specifically, Internet of Things sensors monitor and track plant equipment and transmit large amounts of performance data back to company databases to be processed and analysed with machine-learning technologies and other artificial intelligence.
This can help companies spot anomalies or errors in the operation of the equipment, heading off breakdowns before they happen and optimizing maintenance and replacement schedules for parts. All of this reduces downtime and maintenance costs while ratcheting up efficiency and productivity.
Although industrial companies have been undertaking some form of digital transformation for years, the rollout of Industry 4.0 technologies is still in its early stages. But it is picking up speed, helped by improvements in sensor technology and network connectivity. At the same time, more companies are storing and collating their data in the cloud at lower costs. And the huge volumes of data help companies to extract additional value with the help of more sophisticated computer analytics.
But companies implementing industry 4.0 technologies and reaping the benefits of digital transformation must also be aware that with the increased connectivity and vast trove of data comes greater security threats. Companies would be unwise to ignore these challenges.
Forbes Technology Council member Reed Wilson said a poll of business leaders he conducted in 2019 found that 94% were “extremely concerned” that their companies would lose data from security breaches, with 76% admitting one of their main strategies to counter the risks was to “hope it doesn’t happen to us.”
He cited the well-respected Verizon Data Breach Investigations Report, 2019 edition, which analyzed more than 41,000 security incidents and more than 2,000 data breaches, occurring in 86 countries. It found that 52% of breaches were caused by hacking, 33% included social attacks and 28% involved malware.
“Data breaches continue to make headlines around the world,” stated the report’s authors. “Seemingly, no matter what defensive measures security professionals put in place, attackers are able to circumvent them. No organization is too large or too small to fall victim to a data breach.”
They advise companies to manage risk with improved understanding of the types of threats that they and their peer companies face and how attacks have evolved over time.
Another recent study, the “2019 Mid-Year Data Breach QuickView Report,” reported 3,813 breaches from January through June 2019, up by 54% from the same period in 2018. And the 2019 breaches exposed more than 4.1 billion records, 52% higher than a year earlier. Most of the breaches in 2019, as in the previous year, were small, but three of the incidents in the first half of 2019 were among the 10 largest breaches of all time.
Experts Recommend a Comprehensive Defence
Companies must, therefore, fend off growing cyber threats to their devices, networks and databases from such attack modes as hacking, malware and misuse or errors by employees. Experts recommend an end-to-end defense. This includes:
Endpoint security: to protect devices, including preventing file-based malware and detecting and blocking malicious activity from trusted and untrusted applications. Endpoint security measures include advanced malware protection, endpoint encryption and file integrity and access monitoring.
Data center security: to protect databases with a range of measures, including vulnerability assessments and penetration testing, privileged-access management and network and application performance monitoring.
Network security: to safeguard both hardware and software with such measures as next-generation firewalls, secure web and email gateways and intrusion detection.
Cloud security: to safeguard online data from theft, leakage and deletion. Measures include implementing firewalls, penetration testing, obfuscation, tokenization, virtual private networks and avoiding public internet connections.
Security services: including hiring outside vendors to conduct vulnerability assessments, penetration testing, cybersecurity forensics and employee training.
Authorities Tighten Data Security Regulations
Meanwhile, in addition to implementing security safeguards and countermeasures, Thai companies also have to contend with a tough new Cybersecurity Act, which includes requirements for companies to provide information and follow procedures in the event of cyber threats, based on the level of severity. The requirements are most harsh on companies and organization deemed to control critical information infrastructure. These could include banks, IT and telecommunications firms, transportation and logistics companies and energy firms and public utilities.
According to the Thai Electronic Transactions Development Agency, there were a total of 2,520 cyber-threat incidents in 2018.
The government in 2019 also passed a separate Personal Data Protection Act, which has been compared with Europe’s General Data Protection Regulation, or GDPR. It requires websites and other businesses to gain consent from users to collect, use and transmit their personal data.
All this means that while digital transformation and Industry 4.0 technologies have the power to streamline operations and substantially boost productivity, the integrity of a company’s data becomes even more critical to their operations. Failing to secure it risks reversing any gains they make from the new technologies.
Meanwhile, in addition to implementing security safeguards and countermeasures, Thai companies also have to contend with a tough new Cybersecurity Act, which includes requirements for companies to provide information and follow procedures in the event of cyber threats, based on the level of severity. The requirements are most harsh on companies and organization deemed to control critical information infrastructure. These could include banks, IT and telecommunications firms, transportation and logistics companies and energy firms and public utilities.
According to the Thai Electronic Transactions Development Agency, there were a total of 2,520 cyber-threat incidents in 2018.
The government in 2019 also passed a separate Personal Data Protection Act, which has been compared with Europe’s General Data Protection Regulation, or GDPR. It requires websites and other businesses to gain consent from users to collect, use and transmit their personal data.
All this means that while digital transformation and Industry 4.0 technologies have the power to streamline operations and substantially boost productivity, the integrity of a company’s data becomes even more critical to their operations. Failing to secure it risks reversing any gains they make from the new technologies.