The manufacturing sector is quite vulnerable to cybersecurity breaches. Proactive management techniques can prevent such compromises.
Computer hackers and intruders have their eyes focused clearly on the manufacturing industry. Security threats seek large, visible targets and, hence, manufacturing is prime. Yet, many executives in manufacturing live by the perceptions that their business “is not that interesting” to an attacker. However, research suggests otherwise.
The PwC Global Economic Crime Survey 2016 found that cybercrime within the manufacturing sector is growing at a 9 percent rate—one of the higher growth rates of all sectors. The U.S. Department of Homeland Security declared manufacturing as the largest cybersecurity target, accounting for one third of all attacks. Not only is cybersecurity with a secure perimeter crucial to manufacturing’s infrastructure, it’s crucial to the viability of its customers as well. “We need to treat assets that could impact our reputation, as well as our customers, with utmost security,” says Chris Balderson, IT director, global security systems and compliance with Glatfelter. “Reducing risk is key. We know we can’t address every risk; however, we can go after the highest ones and update our security accordingly.”
Here are three areas of focus to proactively approach information security:
1. Focus on your weak areas, those without security patches within your IT infrastructure. Devise mitigation strategies to address the most vulnerable areas first, and then mitigate the risk. Apply security patches where possible, and work with vendors to provide such patches when feasible.
2. Focus on user control access and authentication. Ensure correct permissions match the right people, with the right access—in your network, as well as in your vendor and customer networks.
3. Focus on testing and simulation to prevent breaches before they occur by simulating real-life scenarios. Use test and simulation results to train and modify behavior. For example, simulate phishing, and observe user reactions. Then, use these results to develop specific security training.