Featured Image

Time To Rethink Your Cybersecurity Plan?

Proactively addressing cybersecurity can turn a “necessary evil” into a competitive advantage. Implementing a solid cybersecurity plan can reassure existing customers that they have made the right choice in choosing your company as a supplier.
Mar 22, 2022

Every company has implemented some form of security function to protect their communications network from threats that could impact the business. Individual implementations range from fairly basic to elaborate. A key factor for any successful implementation is that it continually needs to evolve to stay current with the ever-changing cybersecurity threats to your business. 

Unfortunately, many businesses’ leaders view addressing network security issues as a “necessary evil,” where someone in the business is assigned the task of making the problem go away, and that is the last they think about it – until they encounter a major security event. 

The most successful cybersecurity implementations are based on a few common denominators:

  • Cybersecurity is viewed as a strategic initiative within the business.

  • The cybersecurity implementation is based on a documented plan.

  • The cybersecurity plan is continually evolving to address the changing threat environment.

Fortunately, some companies are evolving their attitude and beginning to view cybersecurity as a competitive advantage.

Transitioning From Defense to Offense

One only needs to look as far as a company’s customers to find motivation for rethinking how and why you view your company’s cybersecurity strategy. Every customer wants to know that their supply chain partners will be there when they need them – reliable and consistent. 

We have all heard of multiple supply chain disruptions due to cybersecurity attacks. There are a lot more that occur that never see the light of day, impacting companies of all sizes. These disruptions are typically measured in days, not hours, of lost production. 

Suppliers also often have sensitive customer information that can be at risk – it is the supplier’s responsibility to protect that information. Security breaches can impact relationships up and down the supply chain.

Most purchasing contracts have always contained clauses regarding the protection of information and data. We are now seeing more aggressive actions by the government to secure their supply chain. The Department of Defense is implementing a program called Cybersecurity Maturity Model Certification (CMMC), which makes minimum levels of cybersecurity implementation mandatory for participation in their supply chain. 

Proactively addressing cybersecurity can turn a “necessary evil” into a competitive advantage. Implementing a solid cybersecurity plan and then communicating that you have such a plan can reassure existing customers that they have made the right choice in choosing your company as a supplier. This can also position a company to secure new business by demonstrating a commitment to being a consistent and reliable partner and providing a differentiation that will take others time and effort to match. 

Establishing an Advanced Cybersecurity Plan

An advanced cybersecurity plan involves more than the application of technology. It is more than writing and implementing a plan. It is a culture that needs to permeate a business, involving every person in the business and every outside person who interacts with the business.

Whether a company is early in the development of their cybersecurity plan or the company already has a viable plan in place, there are some valuable tools available to help assess your current plan and identify steps to strengthen that plan. The most comprehensive guide outlining a fully integrated cybersecurity plan is provided by the National Institute of Standards and Technology (NIST). This guide is comprised of NIST standards SP 800-171 and SP 800-172. 

Additionally, many companies also are building their cybersecurity plan using the Purdue Enterprise Reference Architecture. The Purdue model focuses more on technology implementation, while the NIST standards provide a broader, business-wide view of cybersecurity.

While the cybersecurity plan needs to be optimized for the unique characteristics of each company, there are major areas of focus that need to be addressed in every advanced security plan. In subsequent articles, we will dig deeper into the common themes to be considered as part of a step-by-step process for building a comprehensive cybersecurity plan. 

PicturePicture
Author
John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.
Recent technology News
Any advanced cybersecurity plan should address electronic media in both the IT and the OT networks. Devices like CDs, flash drives, and more are problematic since each is an interface to your company’s network, introducing possible security threats.
The MTConnect Institute announces the release of MTConnect Version 2.0. The 2.0 version of the free, open, model-based standard that supports semantics for discrete manufacturing is a significant advancement from previous versions.
Access control in an advanced cybersecurity plan go well beyond usernames and passwords. It means defining, implementing, and monitoring rules to control which persons and systems may access resources within your company’s network and computer systems.
A look at what some of the job shops in the United States are doing.
Check in for the highlights, headlines, and hijinks that matter to manufacturing. These lean news items keep you updated on the latest developments.
Similar News
undefined
Technology
By John Turner | May 02, 2022

Cybersecurity protects your – and your clients' – assets. This series dives into how you can integrate a successful cybersecurity plan. From company culture to training and maintaining your personnel, creating a safe business environment starts here.

5 min
undefined
Technology
By John Turner | May 06, 2022

To build or enhance your company's cybersecurity plan, one of the first steps to consider is mapping out all access points to your company’s systems and network, including the interaction points between various systems within and outside the network.

5 min
undefined
Technology
By John Turner | Jun 03, 2022

Access control in an advanced cybersecurity plan go well beyond usernames and passwords. It means defining, implementing, and monitoring rules to control which persons and systems may access resources within your company’s network and computer systems.

5 min