How Physical Security Devices Can Leave Manufacturers Vulnerable to Cyberattacks — And What To Do About It
Manufacturers rely on physical security devices to mitigate a wide variety of threats. In addition to helping protect them from criminals and threat actors, these devices can help manufacturers avoid dangers such as workplace accidents, lawsuits, and fines that can result from unsafe working conditions. But while manufacturers invest heavily in them, inadequate operational management of these devices typically prevents manufacturers from achieving the security and reliability that they need. This leaves those companies at serious risk.
Manufacturers have good reasons for investing in physical security devices
Today’s manufacturers understand the importance of physical security, and they understand that providing that security is about much more than protecting their employees from criminals and threat actors. They must protect themselves from a wide variety of dangers, including:
- Thefts and other crimes (including both insider and outsider attacks), which can devastate manufacturers by targeting vital equipment and sensitive information, such as trade secrets.
- Workplace accidents, which can put employees and others in physical danger and can have a disastrous financial impact on manufacturers and other companies.
- Expensive legal problems, which can result from suspicion of crime or unsafe working conditions.
That’s a remarkable set of risks, and manufacturers are rightly concerned about each of them. For starters, employee theft alone is estimated to cost U.S. businesses $50 billion per year. And the National Safety Council has estimated that workplace accidents in 2020 cost a total of $163.9 billion. Meanwhile, manufacturers that fail to comply with legal requirements (such as OSHA laws and regulations) risk facing fines and penalties that can top a million dollars for a single workplace accident.
That makes physical security devices critical – but do they meet manufacturers’ needs?
In light of the risks they face, manufacturers invest heavily in IP cameras, access control panels, motion sensors, and other physical security devices. Those devices play a critical role in protecting manufacturers, while in many cases helping to lower their insurance premiums.
Unfortunately, after all that manufacturers invest in their physical security devices, those devices do not typically provide the security, safety, and legal protection that they need.
It’s important to keep in mind that this is not the fault of the companies that make, sell, and install these devices. Rather, the problem is that typically, manufacturers (as well as other organizations) do not operationally manage their physical security devices adequately.
How much of a risk does this situation create for manufacturers and other organizations? Consider that in the average organization’s security environment:
- 6% of IP cameras get disconnected from their video management system at some point during a typical week.
- 4% of physical security devices get disconnected from their network at some point in a typical week.
- 15% of physical security devices in use are past their end of life, meaning that they are no longer supported by their manufacturers.
- 8% of physical security devices are misconfigured.
- 70% of physical security devices are running outdated firmware.
That reality leaves manufacturers facing serious risks – and they go well beyond physical security
One major problem with this situation is that it increases the chances of downtime for manufacturers’ physical security devices. This is especially concerning because one of the greatest dangers for organizations of all types is that a critical physical security device could be offline when it’s really needed.
For manufacturers, the risks associated with downtime go well beyond the chance of a violent crime going unrecorded. They include the possibility that workplace hazards will go unnoticed and an employee will be injured while cameras are down.
In addition, gaps in the operational management of manufacturers’ security devices make them an easy target for hackers, like those who took advantage of cybersecurity vulnerabilities in IP cameras to carry out the 2021 Verkada hack. The risk is especially high for devices that have passed their end of life and are no longer supported by patches for newly discovered cybersecurity vulnerabilities.
And the risk is growing. In fact, last year IBM estimated the cost of the average cyberattack targeting industrial companies (including manufacturers) to be $4.47 million – up from $4.24 million in 2021.
Perhaps most alarmingly, inadequately managed physical security devices make manufacturers vulnerable to the serious and growing risk of cyber-physical attacks. This type of threat uses cyberattacks to target physical infrastructure, and could enable hackers to sabotage equipment, product designs, and manufacturing processes. For example, when the WannaCry ransomware virus spread in 2017, it led multiple auto factories to temporarily stop production.
But as important as it is for manufacturers to ensure that their physical security devices work consistently, the nature of these companies makes avoiding downtime especially challenging. Medium to large manufacturers typically have multiple factories to monitor and secure – sites that in many cases are spread across states or even multiple countries. And it is common for a single factory to have multiple production lines. Meanwhile, these manufacturing plants are both dynamic and sensitive, with people frequently entering and leaving even as it is critical to restrict access.
So, why don’t typical manufacturers manage their physical security devices adequately? The key reason is that most of those that try to operationally manage their devices take a manual approach, which is both unreliable and expensive.
Operationally managing physical security devices is a massive task for midsize and large manufacturers – one for which they usually lack sufficient resources. It involves monitoring these devices’ operational status and health to ensure that they’re working properly, as well as diagnosing and resolving issues that do arise. It also entails hardening and maintaining these devices – including critical steps like firmware upgrades, password rotations, and certificate management. And it involves promptly replacing devices that have reached their end of life.
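To make the tasks above concrete, here is an added example (not from the original article and not SecuriThings code) of an automated hygiene audit over a device inventory. The inventory records, field names, and policy thresholds are all assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Assumed policy thresholds (hypothetical; take these from your own standards).
MAX_PASSWORD_AGE = timedelta(days=90)
CERT_WARNING = timedelta(days=30)
MAX_SILENCE = timedelta(days=1)

# Constructed sample inventory; device ids, versions and dates are made up.
TODAY = date(2024, 6, 1)
FIELDS = ("id", "firmware", "latest_firmware", "eol", "last_seen", "password_changed", "cert_expires")
ROWS = [
    ("cam-01", "2.4.1", "2.4.1", date(2027, 1, 1), TODAY, date(2024, 4, 15), date(2025, 3, 1)),
    ("cam-02", "2.9.0", "2.10.0", date(2026, 1, 1), date(2024, 5, 28), date(2024, 5, 1), date(2024, 12, 1)),
    ("acp-01", "1.0.3", "1.0.3", date(2023, 12, 31), TODAY, date(2023, 11, 1), date(2024, 6, 20)),
    ("sen-01", "3.1", "3.2", date(2028, 6, 30), TODAY, date(2024, 5, 10), date(2025, 1, 15)),
]
INVENTORY = [dict(zip(FIELDS, row)) for row in ROWS]

def version_tuple(v):
    """Turn '2.10.0' into (2, 10, 0) so 2.10 sorts after 2.9 (string compare gets this wrong)."""
    return tuple(int(part) for part in v.split("."))

def audit_device(dev, today):
    """Return the operational findings for one inventory record."""
    findings = []
    if today - dev["last_seen"] > MAX_SILENCE:
        findings.append("offline")
    if dev["eol"] <= today:
        findings.append("past_end_of_life")
    if version_tuple(dev["firmware"]) < version_tuple(dev["latest_firmware"]):
        findings.append("outdated_firmware")
    if today - dev["password_changed"] > MAX_PASSWORD_AGE:
        findings.append("password_rotation_overdue")
    if dev["cert_expires"] - today <= CERT_WARNING:
        findings.append("certificate_expiring")
    return findings

def audit_fleet(inventory, today):
    """Map device id -> findings, keeping only devices that need attention."""
    report = {d["id"]: audit_device(d, today) for d in inventory}
    return {dev_id: found for dev_id, found in report.items() if found}

def fleet_summary(report, total):
    """Percentage of the fleet affected by each finding."""
    flat = [f for findings in report.values() for f in findings]
    return {f: round(100 * flat.count(f) / total) for f in sorted(set(flat))}

if __name__ == "__main__":
    print(audit_fleet(INVENTORY, TODAY))
```

Run on a schedule against a real inventory export, the per-device findings give a remediation queue and the summary gives fleet-level percentages that can be tracked over time.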
Manufacturers need a more effective approach
How can manufacturers streamline the operational management of their physical security devices? How can they ensure that their devices run both consistently and securely, while keeping their costs down?
Doing more of the same won’t solve this problem, and neither will throwing money at the issue. A manual approach is too expensive, inefficient, and unreliable to be sustainable. Instead, manufacturers need an innovative approach – and automation is the key.
By automating the operational management of their physical security devices, manufacturers can minimize downtime, both by monitoring their devices around the clock and by rapidly (and often remotely) addressing any issues that arise. This approach also helps manufacturers to protect themselves from serious cyber and cyber-physical threats by hardening and maintaining their devices automatically. And the efficiency of this automated approach can save significant money.
This way, manufacturers can enhance their physical security posture – helping them stay safe from a wide variety of risks, both reliably and cost-effectively.
How does SecuriThings help manufacturers and other organizations enhance their physical security posture, both reliably and cost-effectively? For a look at one major international corporation’s story, check out this case study.