L&T Blog

How Manufacturers Can Fortify Their Company Against Cyberattacks

July 29, 2019

More companies are embracing cutting-edge digital capabilities to improve connectivity, collaboration and business insights. But as enterprises grow their digital inventories, they also need to be aware of potential vulnerabilities.

Cyber risk is a growing concern across all industries, and data breaches are more frequently making headlines. A prominent example is the 2017 Equifax data breach, which exposed the sensitive personal information for more than 147 million Americans – one of the largest incidents of its kind. Data breaches and other forms of cybercrime represent a new threat that companies need to address sooner rather than later.

The manufacturing industry relies on a variety of technologies to innovate and compete in a fast-paced market. Among these include the complex global networks, back office business applications, numerous industrial control systems integral to important manufacturing processes and the technology that is built into existing and emerging products. Technology within the manufacturing industry is always shifting, and it’s a necessary facet to the company infrastructure.

For these reasons, manufacturing companies are especially susceptible to cyberattacks.

In What Common Areas are Manufacturers Vulnerable to Cyber Crime?

·        Talent and human capital – Threats directly attributable to company employees include phishing/pharming scams, direct abuse of IT systems, errors/omissions or the use of personal devices. Of course, most times this is the result of an unintentional mistake or carelessness like clicking on a link in a malicious email or skipping essential security protocols.

But a company’s greatest asset is undoubtedly its talent: protecting your company against cyber threats needs to be a collective effort. This means nurturing the right skill sets on your IT team, establishing ownership of cyber risk across the company and delivering engaging learning programs to heighten knowledge and awareness. When it comes to cyber risk, it’s all hands on deck: everyone along the chain of command should understand the severity of cyber threats, how to recognize them and where they’re most common.

·        Intellectual Property (IP) – IP theft is the most frequently cited cyber threat facing manufacturing executives, followed by phishing and pharming attacks. Many companies regard IP as valuable as sensitive personal data. IP requires constant protection when its stored, moved or shared.

Securing IP is no small task – and there’s no one-size-fits-all approach.Organizations need to consider who might attack from the outside and what techniques are being used to address these potential attacks, in addition to having an awareness of internal or third-party risks.

Manufacturers can start by classifying and maintaining their IP, so employees know exactly what IP is owned and where it’s located. Then, implement IP protection capabilities at the data layer, including digital rights management and database activity monitoring. Build a strategy to protect IP and allocate appropriate tools to prevent the risk holistically. As a final measure, companies can greatly reduce the value of IP by encrypting or obfuscating the data if (or when) it is obtained by threat actors.

·        Industrial Control Systems (ICS) – The risks found on the shop floor and at the engineering levels are often the most frequently overlooked, creating a perfect opportunity for cyber criminals to attack. Manufacturers’ legacy systems, lack of complete inventories of ICS systems and their connectivity, and limiting production down-time creates prominent exposures.

IT and OT need to collaborate to balance a company’s productivity and profitability, with the company’s known cyber vulnerabilities. Cyber assessment is too-often left out of due diligence activities; enterprises need to ensure their software is readily updated and checked for security gaps.

Cyber Security Best Practices, for Manufacturers and Everyone Else

Cyberattacks need to be taken seriously by all types of companies. They not only put productivity at risk, but also your company’s public facing image. Strengthening your company’s defense against a possible breach, ransomware or otherwise starts with following cyber security best practices. These steps can help prevent a cyberattack from occurring, lessen the severity in the unfortunate circumstance that your company is targeted and provide an efficient guideline on how to respond.

·        Conduct an Audit - Determine potential exposures for your organization and establish an action plan for identifying and implementing proper controls.

·        Establish Thorough, Written Policies – These internal policies detail your organization's cyber security safeguards, including password protocols, guidelines for internet use, customer data control and penalties for policy violations.

·        Update Company Tools - Keep hardware and software up-to-date to decrease risk from the latest malware or other security threats.

·        Secure Your Internet Connection – Implement a firewall and assure Wi-Fi signals are secure and encrypted.

·        Set Up Employee Access Controls - Manage employee access to the internet or customer data by creating separate, password-protected user IDs for all employees. Only grant employees access to systems needed to perform their job.

·        Protect Payment Routes - Keep systems used for payments separate from other potentially less-secure systems.

·        Collaborate with Banks - Work with banks to make sure the payment systems and services in place are trusted and secure.

·        Back Up Valuable Information - Do regular backups of vital data, including internal documents and customer information. Store these backups offsite or on the cloud.

·        Implement Physical Safety Measures - Store network equipment, servers and other hardware in locked or restricted-access areas.

·        Use Password Protection - Secure mobile devices by requiring a password and install trusted security and anti-fraud systems. In addition, employees should regularly change their passwords.

In the end, protecting your company’s most valuable digital assets starts with excellent communication across all departments. Cyber security cannot be accomplished by IT professionals alone. Instead, each member of the manufacturing team should be invested in the company’s security too.

Speak with a Lovitt & Touché representative to learn more.