Cybersecurity in Manufacturing:
How can factories manage data security risks with Smart technology?

The importance of cybersecurity in manufacturing

Does this sound like you?

After intense negotiations with dozens of vendors, grueling engineering discussions with the production team, painful budget approvals, and months of redrawing the assembly lines, you moved your semi-automated production process into something contemporary. Your modern world-class manufacturing line is now a text-book case of how a connected Industry IoT plant should look: you have robotized processes, IoT asset management, automated vendor plug-ins, remote monitoring and control of most production routines, vision managed defect assessment, and a holistic view of how your other plants halfway around the world are functioning -all in a single screen, with a few clicks.

Now that you have slashed defect rate cut down human intervention, and improved production rate, you think you have got it all figured out and can take that over-due holiday on the beach? Right?

Wrong.

Sorry to be dramatic. But this is what the cyber bots are heard saying: “Thank you for creating a fertile territory for us to proliferate. We couldn’t be luckier”.

Speed is only half the battle in IIoT

The ‘Floating assembly lines’ of industrial revolution 4.0 are designed to meet demand in the shortest time possible. Approved supplier systems automatically log in and ship components to a live assembly line to meet the production targets of an OEM producer. Most of these decisions are made by systems using a variety of software (AI, IoT hub, decision algorithms), learning systems (M2M), networking (IR, 5G NR. Cloud computing), and production systems (3D printing).

Consider the possibility that a supplier’s system is infected with malware and enters this system. It could proliferate the OEM supply chain, other supplier systems, and respective corporate IT infrastructure in minutes. The potential for damage is even more significant if, by some means, it mutates and destroys safety mechanisms in the plant and endangers human lives.

According to the Deloitte and Manufacturers Alliance for Productivity and Innovation (MAPI) study, 48% of surveyed manufacturers fear that cyber attack is a real threat and the greatest danger they envisage for smart factories. And damage due to a cyber incident in manufacturing was estimated to be about $330K.

Disconnected islands in a sea of connectivity

The single biggest threat appears to come from here: Operational Tech (OT) and Information Tech (IT) systems do not talk to each other. OT refers to hardware and software used to change, monitor, or control physical devices or processes within a production facility.
Traditionally, manufacturing systems have been proprietary with few, if any, open standards for third-party plug-ins.

Tightly coupled legacy systems become a natural barrier for easy upgrades imposing change-impact study for every minor upgrade. Security controls for such systems are vendor-driven patches that are slow to come by. Also, vendors of traditional manufacturing systems do not cover OT in service agreements and maintenance contracts. The IT team simply believes that ‘all is well as they focus on the rest of corporate ERP, DB, networking, and productivity systems.

Some important cyber security considerations for the manufacturing facility are detailed below:

  • Solution Design: Restrict device and system access to authorized personnel only. Ensure cloud or network access follows rules-based access control.
  • Access & Authorisation: Ensure default passwords are changed in all IIoT devices, the new passwords conform to IT Security policy, and access control of edge devices is regulated. Default password vulnerabilities in 3rd party connected devices are a leading cause of security vulnerability.
  • Production Planning: Ensure company-wide secure remote access policy is defined, followed, and documented. Ensure cyber intelligence information exchange, record incidents, document phishing attempts, and develop thwart methods.
  • New Technologies: 3D printing and enhancements to the existing production line should be zoned separately with one-step isolation. For network 3D printers, it may be required to run separate cyber assessment tests and share reports with corporate IT security teams.
  • RPA, ML, NLP, and AI: These new technologies have clear benefits on the shop floor but will bring in their threats. Deploy rigorous application whitelisting, access control, portable memory control (USB drives moving in and out), controlled access to the internet on such systems, and accurate real-time inventory management.
  • Asset Management: Ensure security rules and policies are risk-based rather than compliance-based. Maintain a qualified, dedicated team to create surprises in addition to routine checks. This team should be aware of company-wide incidents and trained to observe seemingly unconnected events to extract real intelligence in a security scenario.

Since digital and cybersecurity elements will become all-pervasive sooner or later within corporates, it is a matter of time before they start impacting manufacturing processes.

Conduct a thorough cybersecurity assessment

This is an independent exercise and should not be downplayed in a regular corporate IT security audit. Ideally, the cyber assessment should be done every six months, including OT in the IIoT environment, recorded results, gaps plugged, shared with corporate IT and cybersecurity intelligence groups in the industry for mutual benefits.

It is also advised to build security protocols across the corporation, cover micro-assets and entry points for physical and digital products, and make sure the protocols are part of an overall security umbrella policy applicable to all branches and personnel.

In conclusion, remember that internal view often leads to fatigue derived from familiarity. It helps tap the rich experience of industry experts who have already done some of these things.

For example, at Trigent, our industrial security experts have delivered solutions in RPA (complementing human judgment with automation-led efficiency), predictive maintenance, and AR (Augmented Reality – helping find unique ways to connect humans and machines) for big and small manufacturers. Our clients across energy and oil, retail and manufacturing, healthcare, and education stand testimony to our capabilities.

Give us a call or drop us a line. We will be happy to help.

Digital Transformation in Banking – What Is Right for Your Bank?

Digital transformation in banking has been an important trend amidst economic uncertainties induced by the pandemic. Financial companies are dipping their toes in digital waters, eager to modernize their IT structure in 2022. It is no surprise that Gen-Z and millennials want their banks to be technology-driven with competitive digital solutions.

Digital and mobile channels are now critical for customer acquisition and satisfaction. The dependency on e-payments has increased all over the world. The global mobile payment market is expected to surpass US$ 590 Bn by 2032 at a CAGR of 30% for the forecast period 2022-2032. The United States alone expects a market valuation of US$ 42 Bn in 2022, with contactless payments growing by 150% in 2020.

Banks, too, are eager to modernize their IT infrastructure with technologies that would bring about a cultural, organizational, and operational change. They are now looking for improvisation in four distinct areas: process, technology, data, and organizational change. The focus is now on building an ecosystem that facilitates personal, automated, and cohesive customer journeys.

The cornerstones of successful digital transformation in banking

As banks gear up for the ‘next normal’ waiting for the pandemic to recede, they reset their digital agenda on the road to recovery. They are shifting towards digital channels to address scalability and reliability concerns while catering to customers’ growing needs.

Every project for digital transformation in banking, however, should work towards:

  • Engaging clients with tailor-made solutions and experiences
  • Empowering employees with tools and technologies to enable accessible, holistic information
  • Optimizing internal operations with automated, synchronized processes
  • Building a connected ecosystem

Top benefits include:

  • Faster time to market for product and pricing
  • Cost-effective ways to scale
  • Future readiness with agile and remote solutions
  • Digital competitiveness with capabilities like open banking and real-time payments
  • Better services to enhance product innovation and customer satisfaction
  • Lower risks with regulatory compliance and greater security
  • Greater efficiency and productivity
  • More business value with data insights and cognitive automation

Banking infrastructure modernization – Technologies and use cases

Artificial intelligence (AI), machine learning (ML), and Big Data – Financial companies are leveraging these powerful technologies to transform the customer experience with seamless services and safe transactions. They help detect and prevent payment fraud. They offer a 360-degree view of the customer and are believed to reduce delinquency rates by almost 76%.

AI can be applied for multiple banking infrastructure use cases such as risk assessment, fraud detection, asset management, credit intermediation, process automation, client onboarding and KYC (know your customer), and algorithmic trading. Global spending on these technologies is expected to double from $ 50 billion to $110 billion in 4 years from 2020 to 2024.

While AI and ML help increase the efficiency and accuracy of workflows, feeding ML models with big data helps decision-making around portfolio allocation, assessing creditworthiness, and making underwriting decisions. HSBC has been using AI for fraud detection, transaction monitoring, sanctions screening, and identifying insider trading & bribery.

Robotic Process Automation (RPA) – The operating activities in financial companies involve a multitude of standardized processes. RPA ensures optimal data processing and takes care of rule-based and repetitive tasks quickly and efficiently. It reduces human workload, minimizes errors, and enables cost reductions. Digital processing of business transactions also helps in fraud prevention in a big way.

SBI General Insurance has used RPA and AI to build a digital-first business model. It leverages technology to get a 360-degree view of customer activity across touchpoints to understand customer expectations and personalize their offerings. It uses predictive analytics to upscale its cross-sell initiatives and AI to personalize customer journeys. The company relies on RPA to keep track of total premium payments and implement tax liability confirmation.

Blockchain – Blockchain has secured a coveted place in a world of digital currencies like Bitcoin and Ethereum. It allows you to store cryptographic encryption in a block. All blocks have a unique value distributed across the network, and it is impossible to manipulate in any manner. Data integrity thus is an essential aspect of blockchain though it is popular for its speed and transparency.

Blockchain enables transactions almost in real-time and instantly saves changes, facilitating the exchange of massive amounts of data in the shortest time. Transactions are unchangeable, traceable, and protected from money laundering. Smart contracts stored on a blockchain help execute an agreement between participants without the involvement of an intermediary.

Such is the power of blockchain technology that China is kicking off an intensive blockchain trial involving 164 entities despite its checkered history with digital currencies. President Xi Jinping describes blockchain technology as “an important breakthrough for independent innovation of core technologies.”

Cloud computing – Financial companies now rely on external data centers to manage their workloads. Cloud computing technology has become an essential aspect of mobile banking and payment services. It also plays a crucial role in trading, evaluation processes, and customer relationship management.

As per a survey, 40% of banks have already deployed cloud computing, while 30% have deployed application programming interfaces (APIs). Cloud computing enables speed to market with new capabilities.

Singapore’s Asia Digital Bank Corporation (ADBC) has collaborated with Tencent to develop cloud-based banking technology to offer personalized experiences to customers. It also aims to provide small and medium-sized enterprises with digital banking services to ensure end-to-end, frictionless, and seamless processes.

First steps to creating sustainable outcomes

It is easy to navigate through the chaos despite economic uncertainties by building on core strengths and tweaking existing business models. Here’s what you can do.

Grow an ecosystem

Banks have long relied on the tried and tested method of ensuring growth. They have been introducing new and relevant products to existing customers. But those like Ideabank and ING have gone beyond their traditional core to strengthen customer engagement with a 360-view of customer data.

They now provide other services like accounts-receivable management and cash flow analysis to small and medium enterprise (SME) customers. Post Bank has gone a step further to capture a market share in nonbanking domains. It is now the largest provider of mobile phone services in Italy, using its already strong franchises to offer new services to existing customers.

Address multiple needs of customers with a financial supermarket

A mix of third-party offerings can help customers manage their financial needs via a single integrated channel.

That’s how aggregators sell 60% of the auto insurance policies in the United Kingdom. Bank Bazar in India caters to more than 23 million customers without having proprietary offerings.

Offer value throughout the customer journey

Banks and financial companies can grow if they decide to extend the scope of their services to add more importance at different stages of the customer journey.

Commonwealth Bank in Australia (CBA) created an augmented reality app to help customers use their phone’s camera to see the price and sales history of the properties they were interested in. The app with financial tools such as a mortgage calculator allowed the bank to extend its role in the home buyer’s journey.

Monetize the data with analytics

You can use customer data (location, lifestyle preferences, age, gender, etc.) to get insights and anticipate customer needs. Some of the biggest banks in Canada have collaborated with Toronto-based SecureKey to help customers access online services offered by the federal government using bank credentials. Banks rely on the data they have to verify identities before allowing access.

Credit card companies have access to the data of customers and merchants. This data helps them foster new partnerships and gain access to new potential customers.

Develop a product portfolio

Financial companies should also consider leveraging back-end assets to create value for smaller businesses. These businesses usually lack the reach or resources for core banking products and services. This makes an opportunity sweet spot for financial companies to develop and sell products through third parties.

ING has collaborated with Kabbage, a US-based startup, to provide value-added services in Europe. ING brought to the table its reservoir of capital and relationships with SMEs. At the same time, Kabbage leveraged its easy-to-use interface and risk-management algorithms to offer quick decisions on loan applications.

Modernize your banking infrastructure with Trigent

Regardless of the technologies you choose or the digital routes you wish to pursue, a good view of your capabilities is critical to ensure infrastructure modernization. We have extensive experience in helping financial companies achieve digital transformation goals. Our services and solutions are designed to help them at different junctures in their digital journeys to boost their digital capabilities.

We drive IT modernization projects for the BFSI sector to make it agile while taking care of the complex regulatory and compliance requirements.

We can partner with you to simplify and standardize your IT infrastructure. Call us today for a business consultation.

Exit mobile version