
Is Your Business Data Safe? How to Get Started in Cybersecurity Best Practices

Jun 28, 2021

Manufacturing companies are no exception when it comes to the need for cybersecurity. As companies continue to embrace automation, edge computing, supply chain optimization, and remote diagnostics – among other technologies across the production chain – they become more vulnerable to cybersecurity threats due to this increased external connectivity. Ironically, smaller manufacturers are more likely to be targeted than their larger counterparts because they are viewed as easier to penetrate as entry points into larger manufacturing supply chains. In this article, we’ll provide an overview of how to start thinking about cybersecurity and the best practices for getting started.

Basic steps to protect your company network from intrusion

  1. Put in a firewall to separate your manufacturing network from your business network

  2. Install antivirus protections

  3. Regularly apply patches (updates) to all of your software and systems

  4. Have a robust backup system in place and do regularly scheduled backups

  5. Deploy an intrusion detection system or anti-malware software

  6. Train your employees on the basics of avoiding social engineering attacks

An excellent resource for getting high-level data and information on recent cybersecurity incidents in the manufacturing industry is Verizon’s annual Data Breach Investigations Report – now in its 13th year – which combines data from both public and private organizations globally, including law enforcement agencies, national incident-reporting entities, research institutions, private security firms, and Verizon. The 2020 report encompasses 157,525 reported incidents and 108,069 breaches for all industries and then breaks down its findings by industry.

In 2020, the manufacturing industry experienced 922 incidents, 381 with confirmed data disclosure. The majority of attacks were financially motivated (73%), with the others falling into the category of espionage (27%). Types of data compromised included credentials (55%), personal data (49%), other (25%), and payment data (20%). The report also notes that 75% of attacks came from external sources, while 25% originated internally.

How should a business understand the risks it faces, and how should it best approach the challenges of cybersecurity, especially if it is a small to medium-sized manufacturer (SMB) that wants to maximize every dollar spent?

AMT recommends that you learn more about existing cybersecurity standards and best practices by becoming familiar with the NIST Cybersecurity Framework and then go on to learn where your company’s specific weaknesses are by hiring an ethical hacker to conduct a penetration test of your network. We’ll break these two recommendations down.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework, launched in 2014 and updated annually, is guidance based on existing standards, guidelines, and best practices for organizations to better understand, manage, and reduce their cybersecurity risks. It is designed to help you determine which activities are most important for your business and how to prioritize your investment in cybersecurity and maximize the impact of each dollar spent. The site also features more than 100 online resources produced by private and public sector organizations that offer guidance and examples about using the framework.

By providing a common language to address cybersecurity risk management, the framework is especially helpful in communicating inside and outside your company, including between and amongst IT, planning, and operating units, as well as senior executives. The framework can also be used to communicate current or desired cybersecurity needs between buyers and suppliers.

Penetration testing is a best practice and a quick way to get started

A penetration test, also known as ethical hacking, is an authorized, simulated cyberattack on a company’s computer network performed to evaluate the security of the system. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system’s features and data. The test can also evaluate any existing cybersecurity strengths, enabling a full risk assessment to be completed. There are many companies nationwide performing this service, so ask your industry peers or local businesses for recommendations, then bring in a few companies or individuals and evaluate them for the work.

SMBs may not have the resources to support full-time, in-house cybersecurity teams, which is why more businesses choose to outsource their cybersecurity needs. By choosing to work with a cybersecurity company, you benefit from 24/7/365 monitoring and support. 

Defense contractors

Manufacturers who are contractors or subcontractors with the Department of Defense (DOD) need to become familiar with another important resource: the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, which is authorized by the DOD to be the “sole authoritative source” for the operationalization of CMMC Assessments and Training for DOD contractors. The CMMC is the unified standard for implementing cybersecurity across the defense industrial base. Released by the DOD in January 2020, CMMC version 1.0 changed cybersecurity requirements for DOD contractors. Contractors were already responsible for “implementing, monitoring, and certifying the security of their information technology systems and any sensitive DOD information stored on or transmitted by those systems.” But as of January 2020, the CMMC also requires third-party assessments of contractors’ compliance with certain mandatory practices, procedures, and capabilities that can adapt to new and evolving cyber threats from adversaries. All DOD contractors need to learn the CMMC’s technical requirements and prepare for certification, and by 2025, all DOD suppliers will need CMMC certification to bid on contracts.

Too many phish in the C:

Research has shown that the majority (over 80%) of security breaches happen because of social engineering and phishing attacks. Social engineering tactics trick employees into opening email, visiting websites, permitting physical access, or plugging thumb drives or other media into the business’s computers for the purpose of inserting malware or gaining unauthorized access, or both. Even the best network security protecting a company can be bypassed through a social engineering attack. Holding organization-wide cybersecurity training for all employees about social engineering risks and what they look like is critical.

For more information, contact AMT’s director of manufacturing technology, Benjamin Moses, at bmoses@AMTonline.org.

Author
Gail McGrew
Writer