In today’s society where the use of new technology and the internet are advancing at ever increasing rates manufacturing operations are opening themselves up to a new type of threat to their operations – cyberattacks. This doesn’t just apply to the large manufacturing operations, but any manufacturer that manages lucrative assets and information. As Mark Sangster mentions in his article “Manufacturing Cybersecurity Must Adapt to Emerging Technology and Threats”, “Growth and economic strength of a nation is measured by its manufacturing” which means that any manufacturing operation is the prime target of espionage as groups try to steal vital manufacturing IPs and operational secrets to improve their own operations or sell to others for a profit. Breaches are occurring regularly and, as some major corporations such Foxxconn, Honda, and Boeing can attest, can be very costly. Each of these companies have been breached and ended up paying between $3.5 and $6.0 million to fix.
In his article, Sangster mentions ten things that manufacturers can do to mitigate the risks and fallout from cyberattacks on their operations. These are as follows:
- Identify and audit critical systems and data – determine what is most critical to your operation and would have the greatest impact if it were attacked so that you are focusing your efforts on protecting what is most important
- Understand your obligations – this means more than just legally but also in terms of regulations, client accountability, internal supply chain responsibilities, etc.
- Establish cybersecurity policies and procedures – the easiest way to fall victim to cyberattacks is not to have security procedures in place or a procedure for reporting and dealing with an attack when it happens
- Conduct an annual risk assessment and security readiness exam – continually assess and update your security to ensure that you are always protected to the best of your ability
- Require encryption of stored data – this includes data on all platforms including mobile devices, laptops, servers, cloud storage, etc.
- Use VPN security to protect data and user credentials in motion through a virtual private network
- Establish mobile and bring your own device (BYOD) policies and controls to enforce strong password and limit access to critical corporate assets such as the ones identified in number one
- Establish back-up systems and services to help you recover in the event that a cyberattack does occur
- Establish an incident response plan and team – more importantly run practice drills, like you do for fire drills, to ensure that everyone is aware of the procedure and aware of what to do in case of an attack
- Consider getting cyber insurance – this will help cover the cost of an attack from investigation and disruption to lost revenue and other costs not covered in non-cyber specific policies
- What are my options legally in terms of recovering losses due to attacks? What agencies can I go to for help if I am attacked?
- Is it worth investing in outsourced cyber security to prevent an attack from occurring?
- As technology continues to advance, what additional risks do we need to consider when it comes to protecting our manufacturing operations?