Organisations need to re-orient their cyber security to deal with the element of remote working as well as with the rapid pace of digital transformation
In the context of the growing cyber security threats faced by manufacturing organisations, Pro MFG Media shares the learnings from the recently conducted Senior Leadership Technology Think Turf that focused on ‘Building Resilience Against Cyber Shocks’. The virtual event was presented by Raksha Technologies and was supported by IBM. With valuable inputs from thought leaders coming from a wide range of manufacturing segments, the discussion was interesting as well as insightful. To watch the video of the event, click here: https://www.youtube.com/watch?v=ft2j2YYQlwQ
Ramakrishnan V, Regional Sales Manager, Raksha Technologies, welcomed all the panellists with an informative introduction and set the tone for the event. The esteemed speakers included Farhan Khan, CIO, Allied Blenders & Distillers Pvt. Ltd., Ranganathan Iyer, Group CIO & EVT IT, JBM Limited, Sanjiv Kumar Jain, Group CIO, Krishna Maruti Group, Jayanta Bhowmik, Group CIO, Kesoram Industries, Vilas Pujari, CIO, ACG Worldwide, Rajesh Panchal, Head of Information Technology, INOX Air Products, and Dineshkumar Rajendran, Information & Data Security Engineer, Raksha Technologies Pvt Ltd. The session was ably moderated by Burgess Cooper, Cybersecurity Partner and Deputy Leader, EY India.
The element of remote working
Speaking about the new cyber security threats, all panellists unequivocally highlighted the element of remote working as well as the swiftness with which organisations have had to embrace digitalization. Farhan Khan, CIO, Allied Blenders & Distillers Pvt. Ltd., underlined these two sets of challenges which basically affect most of the landscape that manufacturing companies are working in today. “On the one hand, we have a security threat, which is predominantly due to the ‘work from home’ phenomenon. The second aspect is about the productivity of a business, which is basically about the optimization of processes, or using digitalization to help the business to grow,” he said.
Elaborating on the risks arising due to the ‘work from anywhere’ aspect, Jayanta Bhowmik, Group CIO, Kesoram Industries, said that it is the biggest challenge since there is no technology which can address unsafe behaviour. “You can secure your equipment, your laptop, and your access. But how will you protect against unsafe behaviour? People in the management don’t get to know where the employees are working from as long as they are delivering. But while they are working from anywhere, that itself is a challenge to the resources, to the data, to the other colleagues as well as to the applications,” he said.
While agreeing with his fellow speakers about the threat posed because of employees working remotely, Vilas Pujari, CIO, ACG Worldwide, also drew attention to another aspect of the same phenomenon. “The second perspective is about the many unemployed but educated and qualified young people who are at home and are doing something which is destructive, and is creating a big challenge for all of us,” he stated.
Rajesh Panchal, Head of Information Technology, INOX Air Products, said that today’s manufacturing organisations have gone ahead leaps and bounds in terms of digitization. “We are talking about technologies like IoT, Artificial Intelligence, Machine Learning, Deep Learning, and so on. But all these technologies are not on a common network; they are on segregated networks. The reason for this segregation is the risk involved.” He also highlighted that the products and the solutions available in the industry are not yet mature to that extent. So that is one of the biggest challenges as well as an opportunity for the industry, according to him.
Ranganathan Iyer, Group CIO & EVT IT, JBM Limited, said that the biggest threat today is the lack of knowledge in the context of digitization. “Since we are into manufacturing, we are exposing ourselves more to the cloud as we are connecting machines to each other as well as on cloud. As a result, data exchange is happening outside of our periphery. This exposure of our landscape to the outside world is a big threat, because the lack of or less knowledge of the end users is posing more threat to our security,” he stated.
While speaking about the doubling of security threats within just one year, Sanjiv Kumar Jain, Group CIO, Krishna Maruti Group, also emphasised on the key differences between the manufacturing and the services sectors. “Post pandemic, it has been a nightmare for all the manufacturing industry professionals because they were not open for adopting the security measures as compared to the service industry. Secondly, work from home was not a culture for them. So, that has posed new threats. Earlier, the digitisation push was not so intense as compared to what it is now. So, for the last one year, all manufacturing organisations are working towards digitization. Overall, the increase in cyber-attacks has really been a nightmare for every CISO or CIO,” he mentioned.
Taking the discussion ahead, Dineshkumar Rajendran, Information & Data Security Engineer, Raksha Technologies Pvt Ltd, spoke about the all-important issue of data management. “The biggest concerns for organisations today are about people handling data while working from anywhere.” In this regard, he raised some very pertinent questions about the misuse and protection of data as well as about the protection and access to the devices used by the people working remotely.
New approaches required
Sanjiv Kumar Jain of the Krishna Maruti Group stressed on the importance of taking new approaches to deal with the new challenges. “Previously, all manufacturing organisations mostly had in-premise data centres and everything was being controlled within the confined boundaries of the organisations. However, with the pandemic, things have really opened out and everything has become borderless. In this scenario, risk identification must be done for every organisation and every person. Every CIO and CSO needs to identify his or her biggest risks and plug them immediately. We need to create a risk committee in the organisation that understands the risk appetite of the organisation and knows how to address different risks,” he said. He also added that every CIO and CSO needs to be extremely vigilant and that ‘zero trust’ should be implemented in every organisation when it comes to data security.
Speaking about balancing the ‘zero trust’ factor with the need to empowering employees to work well, Jayanta Bhowmik of Kesoram Industries said that it is necessary to orient employees to the culture of security awareness. He added that regular communication is the key. Taking ahead the point, Rajesh Panchal, Head of Information Technology, INOX Air Products, spoke about the need to segregate security risk posture in three areas. “One is at the top management or board level, another is at the operational level, where we have the teams and the business owners, and the third is at the manufacturing level. So identify the three different areas because the levels of risks are different and the solutions are different. Then, the whole convergence would happen on one common platform,” he explained.
Elaborating on the role of technology partners in helping manufacturing companies deal with the security threats, Dineshkumar Rajendran of Raksha Technologies, stressed on the importance of guidance and education. Giving the example of recent training sessions for companies to deal with phishing campaigns, he explained how simulation was used to generate end user awareness for manufacturing companies. Talking about cyber security threats that are specific to manufacturing, Farhan Khan of Allied Blenders & Distillers highlighted the importance of readiness of organisations in being able to proactively respond to the threats and in dealing with them.
Ranganathan Iyer of JBM Limited underscored the prominence of being informed about the different threats. “The visibility portion is more crucial,” he said. Elaborating further on the need to protecting data and securing the ecosystem for future threats, he gave the example from his organisation where they are building the required infrastructure based on what IP they want to protect as the data landscape is diversified from transactional to engineering to machine data and so on. Similarly, when there is a need to preserve data over a long period of time, it is important to understand who has access to that data and how it can be protected with the right kind of secure behaviour.
Speaking about manufacturing organisations’ preparedness to protect themselves from the attacks of the future, Jayanta Bhowmik of Kesoram Industries, said that there is a need to segregate between the IT and the OT (shopfloor). “Regular mocks and checks are the key. We need to have more proactive drills. The more vigilant an organisation is, the more aware that organisation would be about the potential threats,” he said.