40% of manufacturing security professionals have no formal security strategy

Cisco cybersecurity survey also reported that 28% of manufacturing organizations suffered loss of revenue due to attacks in the past year.

In its 90-page 2017 Midyear Cybersecurity Report, Cisco raised a warning flag because of the accelerating pace and rising level of sophistication in the global cyber threat landscape. Focusing on manufacturing, the report said that the combination of connected devices on outdated machines might be “ripe for exploitation.” But even more concerning is what might be viewed as a muted response by companies to potential security breaches.

“A written security policy can provide a framework for improvements, yet according to the Cisco survey, 40 percent of the manufacturing security professionals said they do not have a formal security strategy, nor do they follow standardized information security policy practices such as ISO 27001 or NIST 800-53,” the report stated.


Percentage of manufacturers that use solutions from 6 or more security vendors

Cisco cybersecurity

Source: Cisco 2017 Security Capabilities Benchmark Study


Key Concerns for Manufacturing

According to a Bloomberg study cited in the report, 80% of US factories are more than 20 years old and could be more vulnerable to attacks since systems are phased out gradually over time. Another potential issue is the use of a relatively large number of security vendors which could create a more complex and confusing picture as IT and OT personnel work together on security challenges, along with the number of personnel dedicated to security.

The report went on to state that, according to a study by the Global Center for Digital Business Transformation, “four out of 10 manufacturers will suffer market disruption over the next 5 years, in part because they do not modernize to meet offerings from more advanced competitors. Security plays a key role in competitive advantage because it can help maintain brand reputation and avoid revenue and customer losses.”


Number of trained security personnel in manufacturing organizations
trained cybersecurity Cisco

Source: Cisco 2017 Security Capabilities Benchmark Study


Key Report Findings

The report, in general, has a goal of keeping businesses apprised of cyber threats and vulnerabilities, and the steps companies can take to improve security and cyber-resiliency.  Two dynamics are making the challenge for companies more difficult: the escalating impact of security breaches and the pace of technological change.

Tactics being deployed by attackers is also a problem, so the report provides a comprehensive view of new developments in malware, attack methods, spam and unwanted applications such as spyware and business email compromise (BEC).

Cisco said it has been publishing annual and midyear cybersecurity reports for nearly a decade to alert security teams and businesses of known and emerging threats and vulnerabilities. But the diversity of content that threat researchers and technology partners presented in this latest report reflects the complexity of the modern threat landscape.

The expectation is that defenders will struggle to maintain ground as the IoT continues to expand and the prospect of new types of attacks in the future. In response, the security community “needs to expand its thinking and dialogue about how to create an open ecosystem that will allow customers to implement security solutions that will work best for their organization and make the most of existing investments.”

View the complete report here.

Comments (1)

Please log in or to post comments.
  • Oldest First
  • Newest First
Loading Comments...