Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.


Leverage Predictive Analytics to Identify Insider Threats in Smart Manufacturing

Information technology (IT) teams must protect their critical systems and operational technology (OT) from insider threats. As smart manufacturing’s prominence increases, it becomes a larger target for cybercriminals. Predictive analytics technology forecasts outcomes and could be critical for early detection and intervention — but will it be enough?

Why Smart Facilities Are Uniquely Vulnerable to Insiders

The rise in IT/OT convergence has made smart manufacturing a target for attackers. Even though IT teams gain visibility into their ecosystems, parsing through all those logs and records is time-consuming — they may overlook indicators of compromise.

Even if the IT team is well prepared for IT/OT convergence, integration drastically increases their attack surface. Leaving IT and OT separate and focusing solely on deploying smart technologies inadvertently raises their risk level.

Moreover, manufacturing facilities are generally vulnerable to insider threats, and any disconnect between the C-suite and factory-floor workers can exacerbate the issue.

Even if floor managers know their teams are content, insider threats slip through the cracks. Often, they are the person management would least expect — someone with enough trust, authority, seniority or clearance to access sensitive documents or restricted areas. Besides, even if they like their employer, they may be unable to refuse cybercriminals’ offers.

For these reasons, insider threats are among smart manufacturers' top cybersecurity concerns. Around 74% of companies feel moderately to extremely vulnerable, with 48% reporting that insider threats are more difficult to detect and prevent than external attackers.

Their concerns aren’t based on hypotheticals, either. In 2023, manufacturing saw the highest share of cyberattacks among major industries, experiencing over one in four attacks that year. Smart manufacturers are more likely to be targeted since digitalization makes them easier to infiltrate.

The Dangers of Insider Threats in Smart Manufacturing

Most organizations feel helpless regarding insider threats — and for good reason. Any employee, executive or third-party contractor can be a danger.

Accidental Insiders

These inadvertent insiders may be well-meaning, but their mistakes create an opening for cybercriminals. While human error and stolen credentials are out of their control, the consequences are no less dangerous. Their actions may result in a data breach or cyberattack.

Whether these individuals respond to a phishing email or stay logged in after walking away from their device, they generate risk. Although opportunity attacks are typically less impactful than targeted cyberattacks, they still pose a threat.

Negligent Insiders

Whether due to apathy or carelessness, negligent insiders typically bypass security measures, abuse privileges and disregard best practices. Their actions cause 60% of data breaches on average, making them the most dangerous insiders in a practical sense.

A negligent insider’s intentional decision not to follow the IT team’s instructions puts others at risk. They inadvertently make cyberattacks more likely, potentially resulting in unplanned downtime, data loss and compromised intellectual property.

Malicious Insiders

Malicious insiders actively collaborate with threat actors in exchange for payment, intellectual property or revenge. While they may be unwilling partners — extortion is a possibility — sabotage and espionage are more likely.

These individuals surrender critical insights, maximizing attack impact. Their help could compromise IT infrastructure or cause OT malfunctions, injuring workers. They may even hand over sensitive employee data, creating personal risk for their co-workers.

How Predictive Analytics Can Prevent Insider Threats

Insiders play the waiting game, biding their time until they can strike. In 2022, organizations took 85 days on average to identify and contain these threats, up from 77 days in 2021. Early intervention is the main benefit of leveraging predictive analytics in these situations.

Predictive analytics works because insider threats generate data. Access logs, download histories, login timestamps and transfer records expose their activities. Companies that use artificial intelligence to aggregate this information can forecast their behaviors.

Manufacturers can substantially reduce their insider threat risk by using predictive analytics to screen potential hires. Compiling data on candidates’ job histories and interview responses enables them to generate insights.

Management can use the same strategy to assign risk levels to existing staff. Those using radio-frequency identification tags or Internet of Things devices to track workers have an advantage because they can gain in-depth intelligence.

Aggregating information on past insiders, manufacturing attacks and smart device vulnerabilities can help facilities identify cybercriminals’ targets. In response, they can proactively strengthen defenses and secure systems. IT can incorporate these insights into employee training.

How to Implement Predictive Analytics to Detect Insiders

Implementing predictive analytics for insider threat detection in smart manufacturing is relatively straightforward.

1. Gather Relevant Data

Implementation starts with data collection. Sources must be accurate, relevant and adequately preprocessed. While generic information on smart manufacturing will work, insiders are facility-specific threats — precision is critical.

2. Source Artificial Intelligence

While various predictive technologies exist, artificial intelligence is among the most advanced. IT teams should leverage it for its automation capabilities and accuracy. Model selection and training are crucial considerations, even if manufacturers use off-the-shelf solutions.

3. Identify Responsibilities

Who will be in charge of training and fine-tuning the predictive model? What should the cutoff for historical information be? Who passes along warnings when the tool uncovers an insider? Responsibility delegation should happen before completing implementation.

4. Monitor Data and Investigate

Continuous monitoring is essential for investigations. Management can’t outright accuse someone since risk isn’t necessarily an indicator they are actively working with threat actors. Instead, they must log activity and gather evidence.

5. Minimize Insider Threat Risk

Once irrefutable evidence is gathered, risk minimization can begin. For malicious insiders, the IT team should create a honeypot to bait action in a no-risk environment. The other types should receive a formal warning, disciplinary action or additional training, depending on their behaviors.
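
To make the data-gathering and monitoring steps concrete, here is an added example (not from the original article) that builds a per-user baseline from login timestamps and transfer records, then queues deviations for investigation. It uses simple robust statistics in place of the AI model the article recommends; the user names, log records and the `z_cut` and `hour_slack` thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample records: (user, login time, bytes transferred in the session).
HISTORY = [
    ("op_a", "2024-09-02T07:58", 12_000_000), ("op_a", "2024-09-03T08:03", 15_000_000),
    ("op_a", "2024-09-04T08:01", 11_000_000), ("op_a", "2024-09-05T07:55", 14_000_000),
    ("op_a", "2024-09-06T08:10", 13_000_000), ("eng_b", "2024-09-02T09:15", 40_000_000),
    ("eng_b", "2024-09-03T09:05", 38_000_000), ("eng_b", "2024-09-04T09:30", 45_000_000),
    ("eng_b", "2024-09-05T09:12", 41_000_000), ("eng_b", "2024-09-06T09:20", 39_000_000),
]
NEW = [("op_a", "2024-09-09T08:02", 13_500_000),    # ordinary shift login
       ("eng_b", "2024-09-09T02:47", 410_000_000)]  # off-hours, very large transfer

def build_baselines(history):
    """Per-user baseline: median/MAD of transfer size and range of usual login hours."""
    per_user = defaultdict(lambda: {"bytes": [], "hours": []})
    for user, ts, nbytes in history:
        per_user[user]["bytes"].append(nbytes)
        per_user[user]["hours"].append(datetime.fromisoformat(ts).hour)
    baselines = {}
    for user, d in per_user.items():
        med = median(d["bytes"])
        mad = median(abs(b - med) for b in d["bytes"]) or 1  # guard against MAD of 0
        baselines[user] = {"med": med, "mad": mad, "hours": (min(d["hours"]), max(d["hours"]))}
    return baselines

def score_event(event, baselines, z_cut=6.0, hour_slack=2):
    """List the ways an event deviates from that user's own baseline."""
    user, ts, nbytes = event
    base = baselines.get(user)
    if base is None:
        return ["no baseline for user"]
    reasons = []
    robust_z = 0.6745 * (nbytes - base["med"]) / base["mad"]  # MAD-based z-score
    if robust_z > z_cut:
        reasons.append(f"transfer volume robust z={robust_z:.1f}")
    hour = datetime.fromisoformat(ts).hour
    lo, hi = base["hours"]
    if not lo - hour_slack <= hour <= hi + hour_slack:
        reasons.append(f"login hour {hour:02d} outside usual {lo:02d}-{hi:02d}")
    return reasons

def investigation_queue(events, baselines):
    """Events with at least one deviation: leads to review, not proof of intent."""
    return {e[0]: r for e in events if (r := score_event(e, baselines))}

print(investigation_queue(NEW, build_baselines(HISTORY)))
```

Comparing each account against its own history keeps a heavy but routine user such as the engineering account from being flagged simply for moving more data than an operator does.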

Are There Insider Threats on the Factory Floor Right Now?

Insider threats can take any form. Even if they aren’t acting maliciously, their actions may inadvertently result in equipment damage, on-the-job injuries or intellectual property exposure. Management may assume their factory floor is free of these threats, but the IT team knows better. Continuous vigilance is essential, even with predictive analytics.

Zac Amos
Zac Amos is the features editor at ReHack, where he covers trending tech news in cybersecurity and artificial intelligence. For more of his work, follow him on Twitter or LinkedIn.
