McAfee: the shifting threat landscape in the manufacturing sector
IDC research shows that manufacturers worldwide are rapidly embracing new technologies to transform their business models and operations: 55% of manufacturing organisations are underway with their digital transformation efforts according to a 2018 IDC Vertical Insights survey. The same research revealed that just 23% currently see digital transformation as a risk to their manufacturing organisation. As manufacturers adopt cloud technology and undergo digital transformation processes to remain competitive in the market, they run the risk of opening the business up to cyberthreats if security is not carefully considered and managed.
Mo Cashman, Principal Engineer at cybersecurity solutions and software provider, McAfee shares his insights in response to questions about the shifting threat facing the manufacturing industry.
What are the key cybersecurity threats facing the manufacturing sector today?
“One of the biggest risks facing manufacturers today is the potential disruption of production services as a result of a cyber attack. The impact is immediately tangible and the cost of downtime is easily calculated in terms of lost business and reputation. Unfortunately, as manufacturers grapple with digital transformation, cybercriminals are also innovating to find new, more sophisticated methods to attack the sector.
“Information technology (IT) and operational technology (OT) convergence is increasing the cyber risk. Digital transformation projects are connecting historically isolated production systems with enterprise IT infrastructure to generate a huge range of benefits for the organisation, from greater insights through data analysis and maintaining a competitive edge to ensuring profitable productivity levels. Yet this shift often opens up potential vulnerabilities, creating conduits for malware to enter the organisation through end user workplace devices. Technology can transform businesses and generate cost savings, but we cannot ignore the potential risks. Ransomware and other forms of malware are often delivered through spear-phishing, have the capability to spread unattended and increasingly have a destructive payload. The combination of these threats with a lack of OT network segmentation and poor system hardening leads to a serious risk of production system downtime if not mitigated.”
Are manufacturers more vulnerable or more secure as they transition to becoming a ‘factory of the future’?
“Manufacturing organisations are transforming, whether through IT-OT convergence, the adoption of Industrial IoT technologies or shifting workloads to the cloud. With new systems come new attack surfaces and vectors – all of which should lead to new risk management considerations. Those operating in the manufacturing sector must recognise that cybercriminals are targeting the industry for valuable intellectual property and trade secrets as well as the traditional financial rewards. Business must be conscious of this risk and take the appropriate measures for cyber resilience.”
“Shifting to the cloud drives greater flexibility and innovation for manufacturers. Furthermore, when managed correctly, it offers greater visibility and therefore security. The first step is knowing where and how data is being used, shared and stored in the cloud by employees and partners. A true ‘factory of the future’ could not exist without the cloud. With the right policies and safeguards in place, manufacturers can protect data from device to cloud, detect malicious activity and correct any threats as soon as they arise – ensuring secure ‘factory of the future’ systems.”
How can manufacturers undergoing a digital transformation process keep their data and systems secure?
“The first step is designing for resilience. This starts with using a cyber risk framework, such as NIST, to guide the security architecture development for production systems and measure maturity improvement overtime. The NIS-Directive also sets out a number of cyber security principles and several countries, including the UK, have produced practical guidance on how to implement those principles to boost the overall level of security for network and information systems.
“Secondly, cloud security is paramount to enabling transformation. The factory of the future depends on cloud-based applications to deliver the analytics and business insights necessary to reap the benefits of digital transformation. Securing the infrastructure in public cloud environments and ensuring data security controls for cloud-based Software-as-a-service (SaaS) services is key to success.
“Finally, take a ‘one enterprise’ approach to security and risk management. Many organisations still operate in silo. For instance, a CISO may be responsible for IT only, yet not charged with securing OT environments. This needs to change. Recent attacks demonstrate that threats to manufacturing systems enter from multiple routes. As a result, increased collaboration and achieving one unified view across the digital workplace, cloud services, industrial controls and the supply chain are necessary considerations if an organisation is to maintain business resilience as it transitions to create a factory of the future.”
Marketing matters: from IBM to Kyndryl
Prior to joining Kyndryl as Chief Marketing Officer, Maria had a 25-year career at IBM, most recently as the tech giant’s CMO where she oversaw all marketing professionals and activities across North America, Canada and Latin America. She has held senior global marketing positions in a variety of disciplines and business units across IBM, most notably strategic initiatives in Smarter Cities and Watson Customer Engagement, as well as leading teams in services, business analytics, and mobile and industry solutions. She is known for her work with teams to leverage data, analytics and cloud technologies to build deeper engagements with customers and partners.
With a passion for marketing, business and people, and a recognized expert in data-driven marketing and brand engagement, Maria talks to Business Chief about her new role, her leadership style and what success means to her.
You've recently moved from IBM to Kyndryl, joining as CMO. Tell us about this exciting new role?
I’m Chief Marketing Officer for Kyndryl, the independent company that will be created following the separation from IBM of its Managed Infrastructure Services business, expected to occur by the end of 2021. My role is to plan, develop, and execute Kyndryl's marketing and advertising initiatives. This includes building a company culture and brand identity on which we base our marketing and advertising strategy.
We have an amazing opportunity ahead at Kyndryl to create a company brand that will stand apart in the market by leading with our people first. Once we are an independent company, each Kyndryl employee will advance the vital systems that power human progress. Our people are devoted, restless, empathetic, and anticipatory – key qualities needed as we build on existing customer relationships and cultivate new ones. Our people are at the heart of this business and I am deeply hopeful and excited for our future.
What experiences have helped prepare you for this new opportunity?
I’ve had a very rich and diverse career history at IBM that has lasted 25+ years. I started out in sales but landed explored opportunities at IBM in different roles, business units, geographies, and functions. Marketing and business are my passions and I landed on Marketing because it allowed me to utilize both my left and right brain, bringing together art and science. In college, I was no tonly a business major, but an art major. I love marketing because I can leverage my extensive knowledge of business, while also being able to think openly and creatively.
The opportunities I was given during my time at IBM and my natural curiosity have led me to the path I’m on now and there’s no better next career step than a once-in-a-lifetime-opportunity to help launch a company. The core of my role at Kyndryl is to create a culture centered on our people and growing up in my career at IBM has allowed me to see first-hand how to prioritize people and ensure they are at the heart of progress in everything Kyndryl will do.
How would you describe your leadership style?
I believe that people aren't your greatest assets, they are your only assets. My platform and background for leadership has always been grounded in authenticity to who I am and centered on diversity and inclusion. I immigrated to the US from Chile when I was 10 years old and so I know the power and beauty that comes from leaning into what makes you different from other people, and that's what I want every person in my marketing organization to feel – the value in bringing their most authentic self to work every day. The way our employees feel when they show up for themselves authentically is how they will also show up for our customers, and strong relationships drive growth.
I think this is especially true in light of a world forever changed by the pandemic. Living through such an unprecedented time has reinforced that we are all humans. We can't lead or care for one another without empathy and I think leaders everywhere have been reminded of this.
What’s the best leadership advice you’ve received?
When I was growing up as an immigrant in North Carolina, I often wanted to be just like everyone else. But my mother always told me: Be unique, be memorable – you have an authentic view and experience of the world that no one else will ever have, so don't try to be anyone else but you.
What does success look like to you?
I think the concept of success is multi-faceted. From a career perspective, being in a job where you're respected and appreciated, and where you can see how your contributions are providing value by motivating your teams to be better – that's success! From a personal perspective, there is no greater accomplishment than investing in the next generation. I love mentoring younger professionals – they are the future. I want my legacy as a leader to include providing value in work culture, but also in leaving a personal impact on the lives of professionals who will carry the workforce forward. Finding a position in life with a job and company that offers me a chance at all of that is what success looks like to me.
What advice would you give to your younger self just starting out in the industry?
I've always been a naturally curious person and it's easy for me to over-commit to projects that pique my interest. I've learned over years of practice how to manage that, so to my younger self I’d say… prioritize the things that are most important, and then become amazing at those things.