The threat of cyberattacks has never been greater, and nearly nine in 10 (88%) security leaders believe their organizations are not up to the challenge of addressing security risks, according to the Foundry Security Priorities Study 2023. The manufacturing industry in particular faces a significant ransomware threat: according to Verizon's 2023 Data Breach Investigations Report – Production Snapshot, ransomware accounts for nearly a quarter (24%) of attacks.
It is no longer a question of if an attack will occur, but when, and the consequences of a successful attack are potentially dire. For example, the 2023 ransomware attack on Clorox caused order processing delays and product outages and reduced its quarterly sales by 23% to 28%, an amount thought to reach more than $500 million.
Church & Dwight is a $21 billion manufacturer of personal and home care products, including Arm & Hammer, OxiClean, and other well-known brands. Early in the pandemic, David Ortiz, the company's chief information security officer (CISO), recognized that manufacturers' security risks would only increase. To address this challenge, he led strategic efforts to expand and strengthen cybersecurity and reduce cybersecurity risks at Church & Dwight.
“In particular, we needed to better protect our OT operations,” Ortiz explained. “Essentially, it means you need greater visibility across your IT and OT (operational technology) networks.”
To achieve this goal, Church & Dwight partnered with Rockwell Automation as a trusted advisor. Ortiz and his team had extensive experience in cybersecurity, but for something as important as OT cybersecurity, they wanted to make sure they had insight from experts in the field.
Rockwell and Church & Dwight worked together to conduct a rigorous audit of network architecture, user privileges, and digital assets across manufacturing operations. They also led cybersecurity discovery workshops, following the NIST Cybersecurity Framework, at more than a dozen factories. These activities identified both vulnerabilities and strengths and formed the basis of a prioritized risk reduction plan.
“Our goal was to detect potentially malicious things on the network,” Ortiz said. “We were focused on this goal rather than 'boiling the ocean' in that we tried to proactively improve every possible process. This allows us to partner with our manufacturing team and takes up less of our precious resource time.”
Through the process of successfully executing an efficient, phased deployment plan, the integration team learned six lessons to ensure strong OT cybersecurity.
- Deploy a demilitarized zone (DMZ) to isolate your OT systems from your IT network and the Internet.
- Further segment and harden your network to protect high-value assets, data, systems, and applications.
- Use professional OT security tools to monitor and secure your OT systems and perform frequent asset inventories.
- Keep your OT devices up to date with the latest security patches.
- Train your employees on OT security best practices.
- Develop an incident response plan to quickly respond to OT cybersecurity incidents, including steps to contain the incident, eradicate threats, and recover from damage.
Ortiz emphasized how important it is to work with trusted advisors who not only understand cybersecurity, but also have deep expertise in your company's business and industry. But above all, success depends on building a partnership and building trust with your operators.
“Respect the manufacturing team's time,” says Ortiz. “But keep going until you have all the information you need to properly assess your environment. Don't wait. Now is the time to invest in OT cybersecurity.”