
Pair of new reports see glaring data, cybersecurity, content-sharing vulnerabilities

July 9, 2024
Surveys from Copia Automation and Kiteworks of manufacturing stakeholders join others, from Fortinet in June and Ponemon/Cyolo in February, that point to large, exploitable holes in plant software, strategies, practices, and programming.

Two new reports show that manufacturers continue to have glaring data, security, and content-sharing vulnerabilities that are ripe for exploitation by bad actors and cost them a lot in lost revenue. One, by Copia Automation, found millions of dollars in losses per hour from cyber breaches and coding problems; the other, by Kiteworks, revealed that most industrial organizations can’t track and control sensitive content shared externally.

Released July 9 as part of its first State of Industrial DevOps Report, the Copia survey of 200 U.S. executives reveals half of all plant downtime is caused by programming mistakes and shows the shutdowns due to coding errors last 30 hours on average, costing $4.2 million per hour and $126 million per shutdown.

Half of all downtime is caused by industrial code changes, code confusion, lack of visibility into industrial code, and issues with programmable logic controllers, according to the new Copia report.


In its own 2024 Sensitive Content Communications Privacy and Compliance Report, released July 2, Kiteworks, which surveyed 572 IT, security, risk management, and compliance leaders, found:

  • 57% of organizations globally cannot track, control, and report on sensitive data sent and shared externally.
  • 32% of organizations experienced seven or more data breaches last year.
  • 34% of respondents generate audit log reports more than eight times per month to meet compliance requirements.
  • 66% of organizations exchange sensitive content with 1,000 or more third parties, posing significant risks.
  • 27% of North American organizations reported litigation costs exceeding $5 million due to data breaches.

 

Copia: Cyber breaches the No. 1 cause of downtime

The most common cause of unplanned plant downtime? Cybersecurity breaches, reported 47% of respondents to Copia Automation’s survey, followed by hardware malfunctions (45%), coding and software issues (41%), human errors (32%), and environmental disasters (25%).

“The cost of downtime minimizes or eliminates the margin between profitability and failure for manufacturers,” said Copia’s co-founder and CEO, Adam Gluck. “With coding errors and cybersecurity breaches shown as significant causes for downtime, manufacturers need to take every technological measure to protect their bottom line and ensure continuous operations with enhanced productivity.”

In other findings from the Copia survey, respondents reported they spend an average of 10 times longer (45 hours per month) debugging code than reviewing it, with this figure rising to 20 times (77 hours per month) in the retail and material handling sectors of industry.

The average percentage of downtime due to code changes is higher for those with more industrial sites (65% for 76-99 sites) compared to those with fewer sites (31% for 11-25 sites).

The Copia survey contains responses from 200 executives, including C-Suite (42%), SVPs/VPs/heads of departments/directors (38%), and managers (20%). Respondents primarily came from the high-tech, electronics, and semiconductor (21%), retail (19%), and automotive (18%) industries.


The Copia survey, joining one in June from Fortinet, also highlights significant vulnerabilities in operational technology, the software and hardware that control industrial equipment. A possible cause for these is ad-hoc fixes in industrial programming, with 79% of respondents saying they are commonplace, according to Copia Automation, which is in the business of creating solutions that allow companies to manage their OT.

While these quick fixes can temporarily restore operations, they often leave organizations susceptible to breaches because the changes aren’t tracked. This makes it difficult or impossible to reliably maintain security updates. Considering the thousands of devices managed by manufacturers, the cascading effect of unmonitored changes can be substantial.

Kiteworks: Too many content comms tools, IP leakage red alert

The Kiteworks report presents findings across several areas: the proliferation of communications tools, data breaches, third-party risk management, sensitive content security, compliance, and data classification and risk assessment. They include:

  • Nearly one-third of organizations rely on six or more content communication tools, escalating risks and operational inefficiencies.
  • Preventing leaks of intellectual property is a top priority for 56% of respondents. The legal sector (75%) and the oil and gas sector (67%) express heightened concerns over IP leakage.
  • Respondents reported high cyber breach frequency: 32% experienced seven or more data breaches last year, with legal fees often exceeding $5 million.
  • The U.S. government and security and defense sectors reported the highest incidence of breaches, but the Asia-Pacific region had the highest percentage of organizations reporting seven or more breaches (43%).
  • Tracking challenges are widespread, with 39% of organizations globally reporting to Kiteworks that they can’t track and control access to sensitive content once it leaves their domain, with local governments and pharmaceutical companies facing the greatest challenges.
  • Only 11% of organizations believe no improvement is needed in sensitive content security, down from 26% in 2023. Large organizations and professional services firms indicate a significant need for improvement.

About the Author

Scott Achelpohl

I've come to Smart Industry after stints in business-to-business journalism covering U.S. trucking and transportation for FleetOwner, a sister website and magazine of SI’s at Endeavor Business Media, and branches of the U.S. military for Navy League of the United States. I'm a graduate of the University of Kansas and the William Allen White School of Journalism with many years of media experience inside and outside B2B journalism. I'm a wordsmith by nature, and I edit Smart Industry and report and write all kinds of news and interactive media on the digital transformation of manufacturing.