Featured Image

Time To Rethink Your Cybersecurity Plan?

Proactively addressing cybersecurity can turn a “necessary evil” into a competitive advantage. Implementing a solid cybersecurity plan can reassure existing customers that they have made the right choice in choosing your company as a supplier.
Mar 22, 2022

Every company has implemented some form of security function to protect their communications network from threats that could impact the business. Individual implementations range from fairly basic to elaborate. A key factor for any successful implementation is that it continually needs to evolve to stay current with the ever-changing cybersecurity threats to your business. 

Unfortunately, many businesses’ leaders view addressing network security issues as a “necessary evil,” where someone in the business is assigned the task of making the problem go away, and that is the last they think about it – until they encounter a major security event. 

The most successful cybersecurity implementations are based on a few common denominators:

  • Cybersecurity is viewed as a strategic initiative within the business.

  • The cybersecurity implementation is based on a documented plan.

  • The cybersecurity plan is continually evolving to address the changing threat environment.

Fortunately, some companies are evolving their attitude and beginning to view cybersecurity as a competitive advantage.

Transitioning From Defense to Offense

One only needs to look as far as a company’s customers to find motivation for rethinking how and why you view your company’s cybersecurity strategy. Every customer wants to know that their supply chain partners will be there when they need them – reliable and consistent. 

We have all heard of multiple supply chain disruptions due to cybersecurity attacks. There are a lot more that occur that never see the light of day, impacting companies of all sizes. These disruptions are typically measured in days, not hours, of lost production. 

Suppliers also often have sensitive customer information that can be at risk – it is the supplier’s responsibility to protect that information. Security breaches can impact relationships up and down the supply chain.

Most purchasing contracts have always contained clauses regarding the protection of information and data. We are now seeing more aggressive actions by the government to secure their supply chain. The Department of Defense is implementing a program called Cybersecurity Maturity Model Certification (CMMC), which makes minimum levels of cybersecurity implementation mandatory for participation in their supply chain. 

Proactively addressing cybersecurity can turn a “necessary evil” into a competitive advantage. Implementing a solid cybersecurity plan and then communicating that you have such a plan can reassure existing customers that they have made the right choice in choosing your company as a supplier. This can also position a company to secure new business by demonstrating a commitment to being a consistent and reliable partner and providing a differentiation that will take others time and effort to match. 

Establishing an Advanced Cybersecurity Plan

An advanced cybersecurity plan involves more than the application of technology. It is more than writing and implementing a plan. It is a culture that needs to permeate a business, involving every person in the business and every outside person who interacts with the business.

Whether a company is early in the development of their cybersecurity plan or the company already has a viable plan in place, there are some valuable tools available to help assess your current plan and identify steps to strengthen that plan. The most comprehensive guide outlining a fully integrated cybersecurity plan is provided by the National Institute of Standards and Technology (NIST). This guide is comprised of NIST standards SP 800-171 and SP 800-172. 

Additionally, many companies also are building their cybersecurity plan using the Purdue Enterprise Reference Architecture. The Purdue model focuses more on technology implementation, while the NIST standards provide a broader, business-wide view of cybersecurity.

While the cybersecurity plan needs to be optimized for the unique characteristics of each company, there are major areas of focus that need to be addressed in every advanced security plan. In subsequent articles, we will dig deeper into the common themes to be considered as part of a step-by-step process for building a comprehensive cybersecurity plan. 

PicturePicture
Author
John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.
Recent technology News
Any cybersecurity implementation involves a trade-off between a company’s tolerance for risk and the effort and costs associated with protecting the company’s resources and customers. Learn how to assess risk and test for vulnerabilities in your network.
A company's cybersecurity plan requires constant monitoring and maintenance in order to effectively detect, analyze, contain, recover, and prevent attacks. Learn what steps personnel should take when an incident is detected and how to maintain the system.
You can set up free machine monitoring in as little as 30 minutes using a tool created by the great folks at Oak Ridge National Laboratory (ORNL)...
Ultra-premium, bougie digital twin. Michigan incentivizes industry 4.0 embrace. Metal health. "Go hug a driver or hug a worker in a distribution center."
A key aspect of any advanced cybersecurity plan is oversight and management of company and supplier personnel to address events originating within a company – intentional or not. Find out what considerations should be made when implementing your plan.
Similar News
undefined
Technology
By John Turner | Sep 01, 2022

Advanced cybersecurity plans should include functionality for logging every attempt to access the network or critical areas on the network to protect business assets or as required for legal or contractual requirements. Read on to learn what that involves.

5 min
undefined
Technology
By John Turner | Jun 03, 2022

Access control in an advanced cybersecurity plan go well beyond usernames and passwords. It means defining, implementing, and monitoring rules to control which persons and systems may access resources within your company’s network and computer systems.

5 min
undefined
Technology
By John Turner | Jan 26, 2023

Any cybersecurity implementation involves a trade-off between a company’s tolerance for risk and the effort and costs associated with protecting the company’s resources and customers. Learn how to assess risk and test for vulnerabilities in your network.

4 min