Are Canadian Manufacturers Cyber Secure?

As you may have guessed, the answer, in broad terms, is no. It’s not that Canada’s manufacturers are doing nothing. But given the current cyber risk levels, industry and critical infrastructure are not prioritizing cybersecurity quickly enough and face increasing risk through Industry 4.0 modernization and increased cybercriminal activity.

Worrisome

Statistics from a study carried out last year cited on the IT World Canada blog would seem to support the conclusion above. Here are some highlights:

  • 40% of manufacturers have no formal cybersecurity program in place
  • 43% have no cybersecurity leader (CISO, Director) with a cybersecurity background
  • 70% don’t have a CISO, a written plan, and regular security audits (three critical elements of a mature cybersecurity program)
  • 65% report spending less than $100K annually on cybersecurity

Jean-Guy Rens, vice-president of the Canadian Advanced Technology Alliance (CATA), which commissioned the report, said the results are “worrisome.”

Worrisome indeed. Using these metrics, only 30% of Canadian manufacturers have a “mature” cybersecurity program. OK, but are Canadian manufacturers really at risk?

Are Canadian Manufacturers Really at Risk?

In a recent article on the CBC website, David Vigneault, the head of CSIS, stated clearly and unequivocally that Canadian industry faces severe risk from hostile state actors sponsored by countries such as Russia and China. "CSIS has observed persistent and sophisticated state-sponsored threat activity for many years now, and we continue to see a rise in the frequency and sophistication of this threat activity." pointed out Vigneault.

In the same IT World Canada post cited above came the observation that in the first 12 months of mandatory breach reporting (2019), the federal privacy commissioner's office logged 680 reports that affected data from 28 million people. These are some of our earliest glimpses into the real scope of cyberattacks. In the past, reporting was voluntary and spotty at best.

Add to this the very real risks involved in moving towards networked OT infrastructures (Industry 4.0). The new attack surfaces these initiatives expose, and the increase in criminal threats means risk is rising rapidly for Canadian manufacturers. When you consider that the manufacturing sector is under-investing in cybersecurity, as indicated by the stats above, the situation is… let’s go for the problematic this time.

If you aren’t convinced, you can take a few minutes and check out our list of prominent Canadian companies that made the headlines in 2020 by getting hacked. You’ll find several Canadian manufacturers (and a few government departments) made the list. It’s a list you don’t want to make in 2021.

Don’t Become a Statistic

We know the most challenging part is figuring out how to take the first steps. If you are among those organizations struggling to get your arms around the cybersecurity challenges, there is help available. You can start by reading our Where to Start post, which was written specifically to address this subject. And if you’ve decided to take the leap and start with a security audit, you can download our Audit Worksheet.

You can also consult the Canadian Centre for Cybersecurity’s Path to Enterprise Security for another perspective. Finally, if you are interested, you can explore the unique challenges facing manufacturers trying to protect both IT and OT infrastructures here and read up on the challenges of Industry 4.0 here.

Need Help? StreamScan is Here.

Whether you need help conducting a security audit, developing a security plan, or implementing a Managed Detection and Response solution, StreamScan has experts with years of experience in the manufacturing sector who can help. Get in touch with us at smbsecurity@streamscan.ai or call us at 1 877-208-9040.