Information technology (IT) teams must protect their critical systems and operational technology (OT) from insider threats. As smart manufacturing’s prominence increases, it becomes a larger target for cybercriminals. Predictive analytics technology forecasts outcomes and could be critical for early detection and intervention — but will it be enough?
The rise in IT/OT convergence has made smart manufacturing a target for attackers. Even though IT teams gain visibility into their ecosystems, parsing through all those logs and records is time-consuming — they may overlook indicators of compromise.
Even if the IT team is well prepared for IT/OT convergence, integration drastically increases their attack surface. Leaving IT and OT separate and focusing solely on deploying smart technologies inadvertently raises their risk level.
Moreover, manufacturing facilities are generally vulnerable to insider threats, and any disconnect between the C-suite and factory-floor workers can exacerbate the issue.
Even if floor managers know their teams are content, insider threats slip through the cracks. Often, they are the person management would least expect — someone with enough trust, authority, seniority or clearance to access sensitive documents or restricted areas. Besides, even if they like their employer, they may be unable to refuse cybercriminals’ offers.
For these reasons, insider threats are among smart manufacturers' top cybersecurity concerns. Around 74% of companies feel moderately to extremely vulnerable, with 48% reporting that insider threats are more difficult to detect and prevent than external attackers.
Their concerns aren’t based on hypotheticals, either. In 2023, manufacturing saw the highest share of cyberattacks among major industries, experiencing over one in four attacks that year. Smart manufacturers are more likely to be targeted since digitalization makes them easier to infiltrate.
Most organizations feel helpless regarding insider threats — and for good reason. Any employee, executive or third-party contractor can be a danger.
Inadvertent insiders may be well-meaning, but their mistakes create an opening for cybercriminals. While human error and stolen credentials are out of their control, the consequences are no less dangerous. Their actions may result in a data breach or cyberattack.
Whether these individuals respond to a phishing email or stay logged in after walking away from their device, they generate risk. Although opportunistic attacks are typically less impactful than targeted cyberattacks, they still pose a threat.
Whether due to apathy or carelessness, negligent insiders typically bypass security measures, abuse privileges and disregard best practices. Their actions cause 60% of data breaches on average, making them the most dangerous insiders in a practical sense.
A negligent insider’s intentional decision not to follow the IT team’s instructions puts others at risk. They inadvertently make cyberattacks more likely, potentially resulting in unplanned downtime, data loss and compromised intellectual property.
Malicious insiders actively collaborate with threat actors in exchange for payment, intellectual property or revenge. While they may be unwilling partners — extortion is a possibility — sabotage and espionage are more likely.
These individuals surrender critical insights, maximizing attack impact. Their help could compromise IT infrastructure or cause OT malfunctions, injuring workers. They may even hand over sensitive employee data, creating personal risk for their co-workers.
Insiders play the waiting game, biding their time until they can strike. In 2022, organizations took 85 days on average to identify and contain these threats, up from 77 days in 2021. Early intervention is the main benefit of leveraging predictive analytics in these situations.
Predictive analytics works because insider threats generate data. Access logs, download histories, login timestamps and transfer records expose their activities. Companies that use artificial intelligence to aggregate this information can forecast their behaviors.
Manufacturers can substantially reduce their insider threat risk by using predictive analytics to screen potential hires. Compiling data on candidates’ job histories and interview responses enables them to generate insights.
Management can use the same strategy to assign risk levels to existing staff. Those using radio-frequency identification tags or Internet of Things devices to track workers have an advantage because they can gain in-depth intelligence.
Aggregating information on past insiders, manufacturing attacks and smart device vulnerabilities can help facilities identify cybercriminals’ targets. In response, they can proactively strengthen defenses and secure systems. IT can incorporate these insights into employee training.
Implementing predictive analytics for insider threat detection in smart manufacturing is relatively straightforward.
Implementation starts with data collection. Sources must be accurate, relevant and adequately preprocessed. While generic information on smart manufacturing will work, insiders are facility-specific threats — precision is critical.
While various predictive technologies exist, artificial intelligence is among the most advanced. IT teams should leverage it for its automation capabilities and accuracy. Model selection and training are crucial considerations, even if manufacturers use off-the-shelf solutions.
Who will be in charge of training and fine-tuning the predictive model? What should the cutoff for historical information be? Who passes along warnings when the tool uncovers an insider? Responsibility delegation should happen before completing implementation.
Continuous monitoring is essential for investigations. Management can’t outright accuse someone since risk isn’t necessarily an indicator they are actively working with threat actors. Instead, they must log activity and gather evidence.
Once irrefutable evidence is gathered, risk minimization can begin. For malicious insiders, the IT team should create a honeypot to bait action in a no-risk environment. The other types should receive a formal warning, disciplinary action or additional training, depending on their behaviors.
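The detection logic described above, from baselining access logs, login timestamps, download histories and transfer records to continuously scoring recent activity against that baseline, as an added example that is not from the article or any vendor product. The users, plant zones, timestamps and byte counts are constructed sample data, and the z-score caps and the per-zone penalty are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def rec(user, day, hour, event, detail=None):  # constructed record: (user, ISO timestamp, event, detail)
    return (user, f"2024-03-{day:02d}T{hour:02d}:00:00", event, detail)
# Constructed sample logs, not real data. Days 4-6 are each user's baseline; day 8 is the
# recent activity to score. detail = plant zone for badge events, byte count for downloads.
LOGS = [rec(u, d, h, e, x)
        for u, zone, size in (("alice", "assembly", 2_000_000), ("bob", "warehouse", 1_000_000))
        for d in (4, 5, 6)
        for h, e, x in ((7 + d % 3, "login", None), (8, "badge", zone), (10, "download", size))]
LOGS += [rec("alice", 8, 8, "login"), rec("alice", 8, 8, "badge", "assembly"),
         rec("alice", 8, 10, "download", 2_000_000),
         rec("bob", 8, 23, "login"), rec("bob", 8, 23, "badge", "plc-room"),  # off-hours, new zone
         rec("bob", 8, 23, "download", 40_000_000)]                            # bulk transfer
CUTOFF = datetime(2024, 3, 7)  # records before this form the baseline

def build_baselines(logs, cutoff):
    """Per user: login hours, download sizes and badged zones observed before the cutoff."""
    hours, sizes, zones = defaultdict(list), defaultdict(list), defaultdict(set)
    for user, ts, event, detail in logs:
        when = datetime.fromisoformat(ts)
        if when >= cutoff:
            continue
        if event == "login":
            hours[user].append(when.hour)
        elif event == "download":
            sizes[user].append(detail)
        elif event == "badge":
            zones[user].add(detail)
    return hours, sizes, zones

def zscore(value, samples, floor):
    """Deviation from the baseline mean; spread is floored so a uniform baseline cannot inflate scores."""
    return abs(value - mean(samples)) / max(pstdev(samples), floor)

def score_users(logs, cutoff):
    """Risk per user over post-cutoff activity: capped z-scores for odd login hours and
    download volumes, plus a fixed penalty for each zone absent from the baseline."""
    hours, sizes, zones = build_baselines(logs, cutoff)
    scores = defaultdict(float)
    for user, ts, event, detail in logs:
        when = datetime.fromisoformat(ts)
        if when < cutoff:
            continue
        if event == "login" and hours[user]:
            scores[user] += min(zscore(when.hour, hours[user], 1.0), 10)
        elif event == "download" and sizes[user]:
            scores[user] += min(zscore(detail, sizes[user], 0.25 * mean(sizes[user])), 10)
        elif event == "badge" and detail not in zones[user]:
            scores[user] += 5  # badge into a zone this user never used in the baseline
    return dict(sorted(scores.items(), key=lambda kv: -kv[1]))
```

A high score is a reason to keep logging and gathering evidence, as the article says, not an accusation; the ranking only tells the IT team where to look first.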
Insider threats can take any form. Even if they aren’t acting maliciously, their actions may inadvertently result in equipment damage, on-the-job injuries or intellectual property exposure. Management may assume their factory floor is free of these threats, but the IT team knows better. Continuous vigilance is essential, even with predictive analytics.