View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Comment
June 16, 2022

Why operational technology is central to FMCG companies’ cybersecurity

The hardware and software used to control industrial equipment can be a weak point.

There can be no doubt cybersecurity should be a major business issue for FMCG boardrooms the world over. But how – and where – companies should invest is a critical question as they look to shore up their operations to reduce the impact of possible attacks.

Free Whitepaper
img

Never Trust, Always Verify: Is Zero Trust the Next Big Thing in Cybersecurity?

Cyberattacks continue to rise every year and no sector seems to be immune. Hackers target sensitive information such as organizational, client, and financial data, as well as intellectual property (IP) and proprietary functions. As digital transformation becomes a top priority for many organizations, traditional perimeter-based security models are no longer sufficient to address the growing cybersecurity concerns. Against the backdrop, enterprises explore zero trust as it takes a micro-level approach to authenticate and approve access at every point within a network. Reasons to read: The cybersecurity landscape is swiftly changing, and businesses need more awareness to meet the evolving change. The report highlights the current state of play and the future potential of the zero trust approach in cybersecurity to protect critical digital infrastructure of enterprises across sectors such as financial services, healthcare, telecom, and transportation, among others. Read our report and gather insights on the following topics:
  • Traditional vs zero trust protection
  • Key advantages and solution providers
  • Major industries and key players
  • Drivers and challenges
  • Top funded startups and Mergers & Acquisitions
  • Implementation challenges
by GlobalData
Enter your details here to receive your free Whitepaper.

One key area to consider is operational technology (OT). This technology refers to hardware and software used to control industrial equipment. Examples include industrial control systems, assembly-line robots, programmable logic controllers and building automation systems.

OT is central to modern manufacturing and supply chains more broadly – and is therefore crucial to any company that produces and/or handles physical goods, such as FMCG companies. These businesses rely on the smooth running of their manufacturing plants. Compromised industrial equipment can seriously disrupt production and, ultimately, a company’s entire supply chain. For example, even a few hours of downtime at a meat processor due to compromised machinery would result in an entire batch going off. More serious breaches can take weeks to fully resolve.

FMCG companies need to invest more in the cybersecurity of their OT environments, systems that are increasingly being targeted by threat actors. Mandiant, an industrial cybersecurity company, published a report in May 2021 in which it claimed cyberattacks on internet-exposed OT assets are increasingly frequent. This is not difficult to believe if, as Group IB, a cybersecurity company, suggests there has been a 150% increase in ransomware attacks in 2020.

Cyberattacks on OT environments are increasing because these assets are typically not well protected. There are a few key reasons for this. Firstly, more and more OT assets are both Internet- and network-connected. If breached, they can act as a gateway into the network for threat actors where they can wreak havoc. It is becoming increasingly common for OT assets to be Internet- and network-connected because it makes it easier for companies to operate the machines and monitor their operational output.

Equipment vendors also often want their machines Internet-connected when installed so that maintenance is easier. This would not be a problem if appropriate cybersecurity measures were in place to protect these exposed assets.

However, this is typically not the case. FMCG companies often operate extremely complex manufacturing networks that comprise hundreds of facilities across multiple continents. Each facility contains thousands of different OT assets. Many of these were installed years apart and are different models, from different vendors, with different firmware.

Because of the sheer number of OT assets across such vast geographical networks, these companies typically do not have sufficient visibility over all these assets and the data communicated to and from them. As a result, these unmonitored assets are often unprotected from cyberattacks. Because of the vast range of types, ages, models, and vendors, quick fixes such as regular universal patches are not viable ways to provide endpoint security. These differences will also result in different OT assets having different vulnerabilities. Moreover, many OT assets such as sensors and cameras have limited computing ability and, therefore, fully-fledged endpoint solutions such as anti-virus software cannot be installed on them.

On top of all this, cybersecurity staff are often familiar with IT but unfamiliar with OT. As a result, they do not understand what an OT asset’s role is within the network and what cybersecurity threats it might pose. Typical IT network monitoring tools are often not fully compatible with OT networks. This skills gap means cybersecurity is often poorly applied to or simply absent from OT networks.

The urgent need for OT cybersecurity solutions is being reflected in recent deals. In 2021, four leading OT cybersecurity specialists, Claroty, Armis, Dragos and Nozomi Networks, collectively attracted over US$1bn in funding.

Most recently, Google bid $5.4bn to acquire Mandiant, an industrial cybersecurity player. FMCG companies are starting to utilise these companies. The Coca-Cola Co. and Kellogg have commissioned the products and services of Claroty. Mondelez International is a client of Armis, while Johnson & Johnson is a client of Nozomi Networks.

As OT cybersecurity solutions develop, FMCG companies need to invest in them or face dire consequences.

Related Companies

Free Whitepaper
img

Never Trust, Always Verify: Is Zero Trust the Next Big Thing in Cybersecurity?

Cyberattacks continue to rise every year and no sector seems to be immune. Hackers target sensitive information such as organizational, client, and financial data, as well as intellectual property (IP) and proprietary functions. As digital transformation becomes a top priority for many organizations, traditional perimeter-based security models are no longer sufficient to address the growing cybersecurity concerns. Against the backdrop, enterprises explore zero trust as it takes a micro-level approach to authenticate and approve access at every point within a network. Reasons to read: The cybersecurity landscape is swiftly changing, and businesses need more awareness to meet the evolving change. The report highlights the current state of play and the future potential of the zero trust approach in cybersecurity to protect critical digital infrastructure of enterprises across sectors such as financial services, healthcare, telecom, and transportation, among others. Read our report and gather insights on the following topics:
  • Traditional vs zero trust protection
  • Key advantages and solution providers
  • Major industries and key players
  • Drivers and challenges
  • Top funded startups and Mergers & Acquisitions
  • Implementation challenges
by GlobalData
Enter your details here to receive your free Whitepaper.

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. The top stories of the day delivered to you every weekday. A weekly roundup of the latest news and analysis, sent every Monday. The industry's most comprehensive news and information delivered every quarter
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU

Thank you for subscribing to Just Drinks