The manufacturing and logistics sectors are on the front end of massive disruption. From AI, 3D printing and robotics to drones, self-driving trucks and IoT, technology is upending these industries.
Today, sophisticated manufacturing companies use so much technology on the production floor that the lines between manufacturers and technology companies have arguably begun to blur. Consider that Ford now files more technology patents than Google and Amazon, and that today there are more than a million lines of code in the average high-end car, compared with the roughly 1.7 million lines of code in the Windows kernel.
Risk of Not Innovating
It's no wonder leading manufacturing and logistics companies are upping their digital technology game. As if competition within those sectors wasn't stiff enough, today's manufacturers and logistics providers face disruption from new, digitally enabled entrants pushing into adjacent markets. Think of the impact ride-sharing companies are having on car sales. Innovative startups are forcing entrenched companies to rethink their business models and how they operate.
In extreme cases, organizations that rest on their laurels and fail to respond quickly to disruption could follow the fate of Kodak. The risk of not innovating needs to be balanced with the risk that new, non-traditional competitors could topple your position in the market. Manufacturing and logistics companies need to evaluate the likelihood and cost of losing market share to an emerging competitor and put plans in place to offset those risks. Yet those plans may necessitate taking on more risks—e.g., investing in a new technology or acquiring a startup.
Expanding Attack Surface
As manufacturing and logistics companies embrace digital transformation, they must prepare for the impact it may have on their cybersecurity posture. Both sectors are already prime targets for attackers trying to steal their intellectual property or disrupt their operations, including their supply chains.
This kind of cyber-attack risk is widely expected to increase as manufacturers and logistics providers weave sensors and other connected devices deeper into their day-to-day operations. IoT expands these organizations' attack surfaces, giving adversaries more entry points to exploit. Understanding how these technologies connect to your infrastructure and critical processes is the first step to mitigating these risks.
Cyber-attacks often lead to a variety of other risks, including business disruption and privacy breaches. Take the case of the NotPetya ransomware, which taught manufacturers, logistics providers and other companies tough lessons about business resiliency. In the wake of NotPetya, many companies resorted to employing decades-old manual processes in an effort to maintain business operations. But companies affected by the malware whose processes were newer and entirely digital were at a loss. NotPetya underscored the importance of not just having business continuity plans but making sure those plans are accessible to everyone who needs them in the event of catastrophic disruption. It also highlighted the importance of incident management and response—in this case, how companies managed the ransomware incident once it started and how quickly they recovered made a palpable difference in reducing losses.
Bottom line: As organizations become more dependent on digital
technology, they need to understand how to operate during—and
quickly recover from—a crisis.
With respect to privacy risk, many of today's digital business strategies seek to engage consumers on a very personal level. This type of personalization requires manufacturers to analyze scores of data points about the end consumers of their products. At the same time, there are more and more local and global privacy regulations dictating what companies can and can't do with customer data—and big fines for companies that violate them. So, manufacturers need to make sure their digital strategies comply with a wide range of privacy regulations that may give consumers "the right to be forgotten" and that may require organizations to obfuscate consumer data, dispose of it after a certain period, or otherwise cause them to question whether or not they really need to retain it.
Assessing Ecosystem Risks
Finally, but no less important, manufacturers and logistics companies must contend with third-party and supply chain risk. Product pedigrees and supply chain trust are now required to mitigate the risk of malicious technology being introduced into products and other forms of tampering. This leads some manufacturers to use blockchain technology to manage product provenance. At a minimum, combating this threat requires an understanding of the risk posed by third, fourth and Nth parties, combined with new levels of due diligence around upstream providers. Assessing ecosystem risks in this manner may help manufacturers determine if dual sourcing is an appropriate strategy for mitigating third-party and supply chain risks.
Cyber-attack risk, resiliency risk, privacy risk and third-party risk serve to illustrate the interconnected nature of digital risk in the manufacturing and logistics sectors. The more interconnected these risks, the greater their impact. Managing these complex digital risks will require manufacturing and logistics companies to coordinate traditionally siloed functions like IT, security and risk management and to use standard processes and frameworks. The organizations that undertake the hard work of bringing these functions together will be in a better position to pursue digital transformation with confidence and reap the benefits of taking calculated risks.
# # #
Get the RSA® Digital Risk Report 2019 to learn about perceptions and attitudes towards risk in the digital world and the top critical risk challenges facing organizations in your industry. You can also use the RSA Digital Risk Index to identify your organization's risk exposure and highlight specific focus areas where you can take immediate action. This quick online assessment can help guide your strategies as you prepare to take on new digital initiatives.
Join the #TalkingDigitalRisk conversation on Twitter and social media by following @RSAsecurity.