6 Steps for Creating a Manufacturing Cybersecurity Program

August 09, 2020 Security and Compliance, MOVEit

The rapid digitization of manufacturing, especially with the interconnectivity of IoT, has resulted in novel and unprecedented cybersecurity risks.

Digital technologies have helped the manufacturing industry remain a fundamental player in the global economy. Innovations like computer-based control systems and industrial IoT devices boost productivity levels, facilitates collaborations across functional areas, and more.

While using new technology to digitize operations, manufacturers must also use technology to and safeguard their ideas and data and reassure their customers.

 

The Manufacturing Industry is a Favorite Target for Hackers

According to Verizon’s 2020 Data Breach Investigations Report, the manufacturing industry has long since been a favorite target of cybercriminals. Both external and internal actors target manufacturers to not only obtain proprietary data or conduct covert surveillance, but to also cause damage. In 2019, half of the destructive malware cases handled by one incidence response service were in the manufacturing sector. The attacks they execute are responsible for corrupted IT systems, forced plant closures, or even the forced shutdown of individual facilities. For example, Honda Motor Co. recently had to temporarily halt its some of its global operations when its headquarters was hit by a ransomware attack.

With the continued adoption of more even more automation, IoT, and cloud computing in manufacturing, there comes a broader area of cyberattack vulnerabilities and access that includes production materials, manufacturing equipment, and the logistics that rely on robots, AI, and data. This means that manufacturers have an increased need for protection from DDoS, ransomware, ICS, IoT, and IIoT (Industrial Internet of Things) attacks that can result in products being compromised and stolen intellectual property and.

Creating a Cybersecurity Program in the Manufacturing Industry

A strategic and effective cybersecurity program is the solution to preventing and surviving catastrophic data breaches and security failures in manufacturing. When developing a cybersecurity program for their enterprise, manufacturers should focus on three critical aspects:  people, processes, and technology. The program would allow manufacturers to securely share data across their organization and with all suppliers, partners, and contractors, all while remaining in regulatory compliance.   

1. Identify what data requires protection and where it is stored.

A manufacturer, like all businesses, has a duty to protect its structured and unstructured data. Still, it first has to identify what types of data it possesses and in which digital and physical environments the data exists. Knowing exactly where data like business formulas and processes, customer contracts, CAD drawings, trade secrets, customer IP, supplier contracts, source code, or other proprietary data is stored is necessary for constructing the proper controls and policies around the processes that store, process or transmits that data.

2. Create and maintain an inventory of all hardware and software devices in the network.

One of the main vulnerabilities of digitized manufacturing is the connected devices of IoT. Having a complete record of what devices are on hand is necessary so that all when critical vulnerabilities are announced, the appropriate devices can be quickly patched or updated.  

3. Determine when the data is at risk.

Manufacturers should review, assess, and map out their cyber risk in their entire supply chain to determine at which points their data may be at risk. This can aid in the faster detection and response of both internal and external threats.  

4. Create a plan to train employees and users on cybersecurity best practices.

Cybersecurity is an issue that requires the active participation of both employees and users. They should understand the real risk of cyberattacks and utilize company policies to minimize them. You should establish a culture of cybersecurity adoption by first raising awareness among employees and providing adequate training on the cybersecurity best practices. There should be password management policies in place for the creation of effective passwords. Employees should able to recognize baiting and phishing attacks and report them. It may be helpful to require employees to obtain regular certification on their cybersecurity knowledge.  

5. Use the appropriate security levels.

There should also be protocols in place that allow employees the appropriate level of security depending on their job title, device, and network. More stringent restrictions should be used on employees who have to access sensitive data or certain servers.

6. Reinforce network security.

Enhancing your network allows you to protect your most critical information and controls. This will entail having network security undergo risk assessments or penetration system and updating devices as needed. Implementing multi-factor authentication for external network access, such as for employees who have to access the company systems, including email systems, is also a must.  

Conclusion

As manufacturers continue to solidify their place in the digital age, they should not underestimate the real risks of cyberattacks and how it can impact their industry. Creating a cybersecurity program that ensures the proper cybersecurity framework is in place requires a multi-pronged approach. End-users all along the supply chain should be using the right technology and be actively engaged in being diligent against attacks. Policies and processes also have to be in place to minimize malware infections, servers with weak passwords, and improperly secured wireless networks.

Karen Coleman

Karen Coleman has extensive experience writing about the technologies and concepts that aid digital transformation. She regularly creates content for B2B companies that produce services and products related to APIs, cybersecurity, cloud computing and more. You can follow Karen on LinkedIn.

Read next Cybersecurity Cost: How Should It Fit Into Your Budget?