Home / / ISACA says smaller manufacturers need to address cybersecurity

ISACA says smaller manufacturers need to address cybersecurity

Survey shows manufacturing sector struggling with some issues and lack of skills

Manufacturing organisations face issues with securing IoT devices and employee error, according to the ISACA/DMDII survey.
Manufacturing organisations face issues with securing IoT devices and employee error, according to the ISACA/DMDII survey.

Security industry association ISACA has warned that smaller manufacturing companies need more protection from cyberattack, or else they put the whole supply chain at risk.

A US survey by ISACA and the Digital Manufacturing and Design Innovation Institute, found that manufacturers are facing security issues such as problems finding skilled staff and underspending on security training. Manufacturers also struggle with IoT device security and employee error.

While manufacturing does not suffer the same volume of attacks as other verticals, it attracts more coordinated cyber espionage attacks than any other sector.

ISACA and DMDII conducted the survey as kick-off to understanding how all manufacturers could be better protected, to protect the supply chain as a whole.

"Three-quarters of US manufacturing firms have fewer than 20 employees and 98% have fewer than 500. To shore up the resiliency of the US supply chain, reaching small manufacturers is essential, and understanding their needs and capabilities is a crucial initial step," said Kevin McDunn, Chief Product Officer of DMDII. "This survey begins this important work that will lead to the type of accessible, low-cost tools and training opportunities that DMDII can develop and get into the hands of these manufacturers."

The survey found a some areas of strength in manufacturing compared to other sectors. Seventy-eight percent of manufacturing organisations have a formal process for dealing with cybersecurity incidents, and 68% have one for ransomware attacks, while 77% are confident that their security team can detect and respond to advanced persistent threats (APTs). Seventy-four percent also said their cybersecurity budgets will either increase or stay the same in the coming year.

However, the survey also found that 75% of companies have a cybersecurity awareness program, but only 37% believe it is completely effective, and only around half of manufacturing companies are spending more than $1,000 on continuing training for IT staff versus 75% of other sectors. Respondents indicated it takes an average of five months to fill open positions and 61% of hiring managers said less than half of applicants are qualified.

"Though the manufacturing industry has made great strides in addressing security issues, this research illustrates the need for organizations to elevate cybersecurity as a priority to build the foundation of its cybersecurity culture, better secure their operations, and strengthen the global digital economic ecosystem," said Frank Downs, Director of Cybersecurity Practices at ISACA. "Partnerships and information sharing, like ISACA's collaboration with DMDII on this study, are becoming increasingly key to accomplishing these goals."