Site icon Connected World

Manufacturing a More Secure Future

Connected World: The manufacturing industry reported the highest share of cyberattacks in 2022. Why do you believe this is happening?

Zakarya Drias: The manufacturing industry has undergone a significant digital transformation, resulting in increased profitability, efficiency, and modernization, as well as the emergence of certain challenges. While the integration of new digital technologies into the production process has generated substantial benefits, it has also inadvertently exposed vulnerabilities that malicious actors can exploit. It’s essential to recognize that these vulnerabilities stem not solely from the adoption of technology, but also from the absence of cohesive processes and procedures that should accompany these innovative approaches. Furthermore, a noteworthy concern arises from the insufficient cybersecurity expertise among operators who interact with these advanced systems.

Another crucial factor contributing to this scenario is the inherent nature of the manufacturing sector itself. From the perspective of potential threat actors, the manufacturing sector stands out as an alluring target. The industry’s limited tolerance for operational downtime, coupled with the valuable intellectual property held by manufacturers, makes it an exceptionally attractive focal point for various types of malicious threat actors.

CW: What can manufacturing companies do to address this?

Drias: There’s a lot that can be done, but it’s challenging to figure out where to begin. Asset owners should start by taking a comprehensive approach to protect their OT (operational technology) environment from cyber-attacks. This means considering people, processes, and technology and leveraging international frameworks, such as IEC62443 and NIST CSF.

  1. First, understand where the risks are. Identify vulnerabilities, potential threats, and what could happen if a threat exploits those vulnerabilities.
  2. Next, take action to reduce risks. Use security controls, processes, and procedures to lower the risk to an acceptable level.
  3. Train your team. Having the right technology is not enough; your team’s mindset and skills matter too.
  4. Continuously watch your security posture and adjust your strategy to stay ahead of potential threats.

In short, it’s about understanding risks, taking steps to reduce them, training your team, and staying proactive in managing cybersecurity. This is an ongoing process that needs to continue and keep improving as it goes. Asset owners need to make this an ongoing priority to be successful.

CW: How does Managed Security Services help mitigate threats?

Drias: The essence of our Managed Security Services group at Schneider Electric revolves around a vigilant focus on threats. It begins with continuous monitoring, realtime threat detection, and proactive threat hunting. This comprehensive approach is further enhanced by vulnerability assessment and subsequent remediation efforts. For asset owners equipped with these capabilities through an MSSP, a distinctive advantage emerges. They are empowered to proactively defend against threats and adeptly manage incidents, effectively minimizing their impact to the industrial processes and the dependent operations. Further, as their operations evolve, we are able to update our support strategies to include new equipment and operations.

CW: What value does this ultimately provide companies?


In summary, MSSPs provide companies with a comprehensive and cost-effective solution to manage the cyber risk to their operations. This unlocks all the benefits of adopting digital technologies to increase operations efficiencies, business growth, and profitability.

CW: How do these services fit with what the manufacturing company does already?

Drias: Numerous manufacturing companies have embarked on their cybersecurity endeavors, yet the level of progress varies depending on their investments and actions taken against cyber threats. Managed Security Service Providers seamlessly align with companies of all maturity levels. In the case of well-established organizations, MSSPs extend their capabilities to encompass advanced offerings like threat intelligence, threat hunting, and malware analysis. They function as an extension of the internal cybersecurity team, delivering high-value services.

For companies in the early stages of their maturity journey, MSSPs play a pivotal role in expediting progress. They provide the full array of previously mentioned services, assuming the role of the core cybersecurity team and a trusted advisor. This is particularly evident in the construction and execution of robust cybersecurity strategies and programs.

CW: Do we still need to keep people, processes, and technology in mind?

Drias: Absolutely! The principles of people, processes, and technology remain vitally important, regardless of whether a company engages with a Managed Security Service Provider (MSSP) or not. Here’s why:

In essence, an MSSP complements and enhances a company’s cybersecurity efforts, but it doesn’t replace the need for a well-rounded program that addresses people, processes, and technology. The collaboration between the company and the MSSP should harmonize with these core principles to ensure comprehensive and effective cybersecurity management.

Zakarya Drias

About the Author

Zakarya Drias, director, cybersecurity managed services, Schneider Electric. Drias is a cybersecurity leader and a driving force behind innovative solutions in the realm of OT cybersecurity. In his strategic role, he orchestrates cutting-edge customer centric initiatives, providing customers with better ways to accelerate their path to resiliency. 

Exit mobile version