Security in the age of Industry 4.0
Security measures for sustainable production
Philipp Zeh, Head of Competence Center IT-Security at Konica Minolta IT Solutions GmbH
Published in: DiALOG - THE MAGAZINE FOR ENTERPRISE INFORMATION MANAGEMENT | MARCH 2018
In the course of Industry 4.0, production is becoming increasingly automated and part of networked IT. Increasing networking offers many advantages such as greater flexibility, individualized products and the opportunity to conquer new markets. However, it also increases the risk of companies falling victim to an external hacker attack. Attackers use vulnerabilities to find their way through the network and into production. Companies must therefore ensure that their production is protected against unwanted access. In doing so, they should be guided by IT security measures and adapt these to their production lines.
In the event of a successful attack, the damage can be very great. Cisco's Annual Cybersecurity Report 2017, for example, reports that more than a third of the companies affected suffered a significant loss of revenue as a result - in some cases by more than 20 percent. Small companies in particular went bankrupt because a cyber attack paralyzed production for several days. Blackmail software is another problem. This particularly affects large companies, as the criminals can demand higher ransom fees here. But the damage caused by the unwanted encryption can also be considerable. The container shipping company Maersk, for example, put the loss caused by NotPetya at 200 to 300 million US dollars.
Less prominent, but equally problematic, is spy software. This works in the background to siphon off personal data from customers or production information for industrial espionage over a long period of time. Since these malware programs aim to remain undetected for as long as possible, they are often active for several years before the affected company notices them - if it even looks for them at all. According to the BSI's latest situation report, the number of these attacks on German companies is on the rise. Most recently, the attack on an industrial group with the malware Winnti was particularly well known.
Going forward, the range of attack methods continues to grow. For example, the Cisco Midyear Cybersecurity Report (MCR) identified the following new trends: Destruction-of-Service (DeOS) attacks destroy enterprise backups and security networks needed to restore systems and data. Fileless malware is difficult to detect and also investigate because it exists only in volatile memory. Business Email Compromise (BEC) attacks trick employees into making wire transfers to the attackers via an official-looking email.
Danger recognized - but not averted But even those who are aware of the dangers often don't know where to start securing their systems due to a lack of specialized knowledge in the area of IT security. Even experts sometimes find it difficult because there is still no standard security concept and in some cases the necessary technologies are lacking. This is because the IT security of Industry 4.0 devices has also been severely neglected by their manufacturers and providers to date.
The more than 80-year success story of Konica Minolta IT Solutions GmbH is based on professionalism, high competence and performance. Almost 400 employees are committed to serving the needs of more than 4,000 customers from industry, trade, services and the public sector every day. They optimize their business processes with effective infrastructure, IT security and software solutions from market-leading partners as well as professional managed services and consulting. In doing so, they always strive to find a simple and cost-efficient solution for customers to manage complex tasks. Since 2013, the company has been a subsidiary of Konica Minolta Business Solutions Deutschland GmbH.
www.konicaminolta.de/it
