Top cyber threats that impact smart factories

Smart factories bring about tremendous potential for innovation, but cyber security remains as one of the top concerns for these facilities. Find out what the common threats are and how to defend against them.

FacebookTwitterLinkedIn
Top cyber threats that impact smart factories

As we move towards a digital economy, manufacturing firms are increasingly turning to technology to enhance production efficiency and accelerate their response to meet the rapidly evolving needs of customers. With a heavy focus on interconnectivity and automation, modern smart factories are heavily digitalised and equipped with a plethora of cutting-edge systems.

Of course, the rise of digital technologies also brings a new level of cyber complexity to factories. Like all interconnected digital systems, smart factories are vulnerable to cyber security threats. This pertains not just to the IT systems but includes underlying systems such as programmable logic controllers (PLC) and embedded systems. What are the additional risks, and does the manufacturing industry have adequate cybersecurity programmes in place to prepare for the expanded risks?

Cyberthreats menacing manufacturing environments

The cyber threat to smart factories is real and growing. According to the Deloitte and MAPI Smart Factory Study, 4 in 10 manufacturers surveyed indicated that their operations were affected by a cyber security incident in the preceding 12 months1. Yet a significant number of manufacturers have yet to build the requisite cyber security capabilities to secure some of their business-critical systems.

Deloitte suggests that manufacturing companies rectify this situation by managing their IT systems alongside the control systems that make up the operational technologies, also known as OT systems. Securing OT systems is vital as security is typically not covered in service-level agreements signed with system integrators and equipment vendors of OT systems. Moreover, aspects of security are often overlooked when implementing advanced technologies as part of new smart factory initiatives.

While a cohesive security strategy is one step, here are some ways that malicious cyber intruders can gain a foothold into a smart factory.

Malware: Malware is the most common attack strategy used by cyber attackers and entails the infiltration of malicious software that either run surreptitiously in the background or Trojans that masquerade as legitimate apps. They might be installed through a variety of methods, including by social engineering efforts.

Software vulnerabilities: Another way that threat actors can gain entry is by exploiting vulnerabilities in software to gain illicit access to connected systems. Once a beachhead is formed, additional reconnaissance efforts can reveal additional vulnerable systems which can be attacked and similarly compromised.

Device compromise: OT hardware systems can similarly be compromised through known vulnerabilities or poor access control. Older systems tend to fare particularly poorly, which is why it is generally considered a good idea to segregate and shield OT networks.
 

Three steps to defend against new threats

How can manufacturers protect themselves against the various threats arrayed against them as they gear up for Industry 4.0? Though modern cyber-attacks can be insidious and often utilise multi-pronged attack vectors, it is possible to mitigate the risks of security breaches by adopting the following steps.

For a start, it is important to ensure that software updates are regularly applied, and security patches rigorously applied. Connected devices should be properly inventoried and monitored in real-time for unusual activity that might signal that they have been compromised.

A vital next step is to develop a cyber response plan that can be implemented in the event of a cybersecurity breach. As outlined by Gartner2, an operational and effective incident response (IR) plan should include documenting the mission statement as well as the defining roles and responsibilities of those involved in the IR plan. Crucially, a good IR plan should include a formal post-incident learning process to reduce the likelihood of a recurrence.

Finally, manufacturers should leverage the expertise of cyber security professionals to conduct either a risk assessment or penetration testing – or both. The latter can serve to identify potential vulnerabilities and threats, allowing the security team to remedy the problems ahead of an actual cyber-attack. Penetration testing also offers a chance to test out the IR plan, and if necessary, to improve it.

See the unseen with trusted cyber security experts    

Daunted by evolving cyber threats and the rising costs of in-house security? Cyber security is an industry-wide problem, exacerbated by rapid digitalisation and constantly evolving threats. To help organisations, cyber partners can offer businesses and manufacturers greater visibility into their networks and digital systems.

With services that include around-the-clock managed detection and response, businesses can power their defence against evolving threats 24x7.

Speak to us to find out more.

 

1Deloitte, Cybersecurity for smart factories, 2019.

2Dark Reading, How to Create an Incident Response Plan From the Ground Up, 2021.

You may also like

Bridging the cyber talent gap: Why training matters as much as hiringShare
Apr 2025 | -
cyber security
Bridging the cyber talent gap
Singapore is tackling the cyber talent shortage by creating new ways for people to enter and grow in the field—no tech background needed. With industry-led training and support from key industry players, these programmes focus on real-world skills and practical readiness, helping build a stronger, more resilient cyber security workforce for the nation’s digital future.
Shield against cyber scams through preparedness programmeShare
Mar 2025 | -
cyber security
Shield against cyber scams through preparedness programme
Cyber scams are evolving, exploiting both technology and human psychology, making cyber security training essential for organisations. Frost & Sullivan explores how Singtel’s CSI offers a comprehensive Cyber Scam Preparedness programme, emphasising shared responsibility and victim empathy to equip frontline employees as the first line of defence against cyber threats.
Organisations with managed connectivity and cloud-delivered SSEShare
Mar 2025 | -
cyber security
Securing organisations with managed connectivity and SSE
This infobrief explores how managed connectivity and cloud-delivered Secure Service Edge (SSE) can protect IoT and mobile-enabled organisations, highlighting the importance of robust security solutions to safeguard devices, data, and networks in an increasingly connected world.