Is Your Business Data Safe? How to Get Started in Cybersecurity Best Practices

Jun 28, 2021

Manufacturing companies are no exception when it comes to the need for cybersecurity. As companies continue to embrace automation, edge computing, supply chain optimization, and remote diagnostics – among other technologies across the production chain – they become more vulnerable to cybersecurity threats due to this increased external connectivity. Ironically, smaller manufacturers are more likely to be targeted than their larger counterparts because they are viewed as easier to penetrate and can serve as entry points into larger manufacturing supply chains. In this article, we’ll provide an overview of how to start thinking about cybersecurity and the best practices for getting started.

Basic steps to protect your company network from intrusion

  1. Put in a firewall to separate your manufacturing network from your business network

  2. Install antivirus protections

  3. Conduct regular patches (updates) for all of your software and systems

  4. Have a robust backup system in place and do regularly scheduled backups

  5. Deploy an intrusion detection system or anti-malware software

  6. Train your employees on the basics of avoiding social engineering attacks

An excellent resource for getting high-level data and information on recent cybersecurity incidents in the manufacturing industry is Verizon’s annual Data Breach Investigations Report – now in its 13th year – which combines data from both public and private organizations globally, including law enforcement agencies, national incident-reporting entities, research institutions, private security firms, and Verizon. The 2020 report encompasses 157,525 reported incidents and 108,069 breaches for all industries and then breaks down its findings by industry.

In 2020, the manufacturing industry experienced 922 incidents, 381 with confirmed data disclosure. The majority of attacks were financially motivated (73%), with the others falling into the category of espionage (27%). Types of data compromised included credentials (55%), personal data (49%), other (25%), and payment data (20%). The report also notes that 75% of attacks came from external sources, while 25% originated internally.

How should a business understand the risks it faces, and how should it best approach the challenges of cybersecurity, especially if it is a small to medium-sized manufacturer (SMB) that wants to maximize every dollar spent?

AMT recommends that you learn more about existing cybersecurity standards and best practices by becoming familiar with the NIST Cybersecurity Framework and then go on to learn where your company’s specific weaknesses are by hiring an ethical hacker to conduct a penetration test of your network. We’ll break these two recommendations down.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework, launched in 2014 and updated annually, is guidance based on existing standards, guidelines, and best practices for organizations to better understand, manage, and reduce their cybersecurity risks. It is designed to help you determine which activities are most important for your business and how to prioritize your investment in cybersecurity and maximize the impact of each dollar spent. The site also features more than 100 online resources produced by private and public sector organizations that offer guidance and examples about using the framework.

By providing a common language to address cybersecurity risk management, the framework is especially helpful in communicating inside and outside your company, including between and amongst IT, planning, and operating units, as well as senior executives. The framework can also be used to communicate current or desired cybersecurity needs between buyers and suppliers.

Penetration testing is a best practice and a quick way to get started

A penetration test, also known as ethical hacking, is an authorized, simulated cyberattack on a company’s computer network performed to evaluate the security of the system. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system’s features and data. The test can also evaluate any existing cybersecurity strengths, enabling a full risk assessment to be completed. There are many companies nationwide performing this service, so ask your industry peers or local businesses for recommendations, then bring in a few companies or individuals and evaluate them for this work.

SMBs may not have the resources to support full-time, in-house cybersecurity teams, which is why more businesses choose to outsource their cybersecurity needs. By choosing to work with a cybersecurity company, you benefit from 24/7/365 monitoring and support. 

Defense contractors

Manufacturers who are contractors or subcontractors with the Department of Defense (DOD) need to become familiar with another important resource: the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, which is authorized by the DOD to be the “sole authoritative source” for the operationalization of CMMC Assessments and Training for DOD contractors. The CMMC is the unified standard for implementing cybersecurity across the defense industrial base. Released by the DOD in January 2020, CMMC version 1.0 changed cybersecurity requirements for DOD contractors. Contractors were already responsible for “implementing, monitoring, and certifying the security of their information technology systems and any sensitive DOD information stored on or transmitted by those systems.” But as of January 2020, the CMMC also requires third party assessments of contractors’ compliance with certain mandatory practices, procedures, and capabilities that can adapt to new and evolving cyber threats from adversaries. All DOD contractors need to learn the CMMC’s technical requirements and prepare for certification, and by 2025, all DOD suppliers will need CMMC certification to bid on contracts.

Too many phish in the C:

Research has shown that the majority (over 80%) of security breaches happen because of social engineering and phishing attacks. Social engineering tactics trick employees into opening email, visiting websites, permitting physical access, or plugging thumb drives or other media into the business’s computers for the purpose of inserting malware or gaining unauthorized access, or both. Even the best network security can be bypassed through a social engineering attack. Holding organization-wide cybersecurity training for all employees about social engineering risks and what they look like is critical.

For more information, contact AMT’s director of manufacturing technology, Benjamin Moses, at bmoses@AMTonline.org.

Author
Gail McGrew
Writer