
The number of cyberattacks on companies is rising, as evidenced by the latest study “Wirtschaftsschutz 2025” (Economic Protection 2025) by the German digital association Bitkom. 87 percent of the companies surveyed stated that they had been affected by cyberattacks in the last 12 months. That is around 7 percent more than in the previous year. Many companies expect cyber threats to continue to increase.
Digitization is one of the reasons for this development. For a long time, industrial systems and production facilities had no contact with IT. However, the concept of Industry 4.0 and the IIoT (Industrial Internet of Things) has fundamentally changed this situation. Companies want to benefit from the new opportunities offered by networking: optimized production processes and predictive maintenance, for example, promise efficiency gains that are increasingly benefiting the industry. At the same time, new security requirements are emerging, because their connection to the internet also makes industrial systems accessible to cybercriminals.
New threat meets old system
When operational technology (OT) is connected to the internet and thus to IT, two different realities come together: while IT equipment is considered obsolete and replaced after five years at the latest, the life cycles of production facilities and machines are significantly longer. This leads to very heterogeneous environments within a company. Uniform updates for operating systems, firmware, and antivirus software, which depends heavily on being up to date, become a challenge.
Another risk arises from the networks that have grown up over the years in industrial companies. Often, there is no precise documentation of what communicates with what. If malware encounters such a scenario, it can quickly spread via the existing network points.
Remote access is also a potential gateway for cybercriminals. In manufacturing companies in particular, many different parties need access to the systems: machine manufacturers have to perform remote maintenance, while operators want to read information about the machine status. There may also be connections to suppliers who need to be informed when materials are running low.
Company data in the crosshairs
Given these circumstances, it comes as little surprise which types of attack affect most companies: digital sabotage of information and production systems or operational processes ranks at the top of the list. This is confirmed by 33 percent of companies in the Bitkom study, with a further 40 percent suspecting it.
In second place is the theft of business data. Data is particularly valuable not only to companies, but also to cybercriminals. It provides insight into how a company operates and may give perpetrators information that they can use later for larger attacks. The biggest increase has been in the theft of financial data, which can be sold on the darknet or used for blackmail. The theft of intellectual property, such as patents and research and development information, has also increased compared to the last two years.
The damage to the German economy caused by cyberattacks rose to over €200 billion for the first time during the study period. For individual companies, their very existence is often at stake. And in the long term, the economic damage can be even greater if competitors bring the stolen ideas to market.
NIS2 Directive also applies to manufacturing companies
In light of recent developments, the European Union has tightened its cybersecurity requirements. With the NIS2 Directive, it aims to significantly improve the protection of critical infrastructure in Europe. The new regulations apply not only to traditional critical infrastructure, but also to manufacturing companies that are important for providing basic services to the population. Sectors such as healthcare and food supply will have to comply with stricter IT security rules in the future. However, mechanical engineering companies are also affected because they are particularly vulnerable due to their numerous digital dependencies.
In addition to a range of technical defensive measures, organizational measures will also become mandatory. With this approach, the EU wants to encourage companies to view IT security as a holistic task.
EU: greater digital sovereignty required
It is becoming increasingly important to rely on European solutions when it comes to IT and OT security. Companies must be able to trust that no one will gain access to their data or that of their customers. The lines between cybercrime and cyber espionage are becoming increasingly blurred, as Sinan Selen, Vice President of the German Federal Office for the Protection of the Constitution, confirmed during the presentation of the Bitkom study. State actors tolerate or actively use the criminal activities of private groups. According to the Bitkom study, 46 percent of the companies affected have detected at least one attack from Russia, with just as many attacks coming from China. Nearly a quarter could be traced back to the US.
Future-proof production with Endian
Endian offers a solution for these complex requirements. With the Endian Secure Digital Platform, IT and OT networks can be securely connected and centrally managed. At the same time, the platform creates the basis for benefiting from the numerous opportunities offered by digitalization. The Endian Secure Digital Platform enables:
| Feature | Description |
| --- | --- |
| Network segmentation | Dividing the corporate network into small segments prevents the unchecked spread of malware. |
| Secure remote access | Secure and compliant remote access for IT and OT. |
| Role and rights management | The granular assignment of roles and permissions protects against unauthorized access. |
| Edge applications | Third-party applications can be integrated into the network via containers. |
| Protection against cyberattacks | From firewalls to VPNs, IDS/IPS, and much more, Endian stops attacks before they can affect companies. |


