Shifts in supply chains are common during times of emergency. Think back to the way auto manufacturers converted their factories from constructing cars to building bombers, tanks and military transport vehicles during World War II. In the wake of COVID-19, manufacturers are similarly filling important gaps by contributing critical medical supplies and essential amenities to frontline workers and homebound citizens. Clothing companies have shifted into mask production while tech giants like Tesla have rolled out custom ventilator designs.
Unfortunately for today’s manufacturers, they’re up against a threat automakers of the 1940s didn’t face: cyberattacks. Not only are manufacturers already predisposed to data breaches, but pivots to their production lines and supply chains introduce even more risk.
While all industries should re-evaluate their cybersecurity posture to better protect financial and sales data during the pandemic, manufacturers in particular need to consider the safety of sharing new intellectual property — both internally and externally — as they scramble to adjust.
Nearly half of all manufacturing companies suffered a data breach in the past year. The unstoppable pace of technological advances in the manufacturing industry has resulted in increased reliance on connected devices. While Industrial Internet of Things (IIoT) devices have brought much-needed efficiencies to the factory floor, they’ve also introduced new attack surfaces. Many of these devices run on decades-old code that enables dedicated-denial-of-service (DDoS) attacks, or even total takeovers due to the absence of modern security functions.
Despite these risks, our recent report on IT security preparedness across fields found that over half (53 percent) of manufacturing leaders report their companies are not prepared for a cyberattack. Throw in the rising number of COVID-19-related cyber threats and the security challenges associated with the pivot to manufacturing high-demand medical supplies, and manufacturers are looking at an IT landscape fraught with cybersecurity landmines.
Strengthening Your Cybersecurity Posture
Most cybersecurity experts agree that a data breach to some extent is inevitable for every company. Given the increased risks manufacturers face — especially now — cultivating the components of a strong cybersecurity strategy is critical to preventing as many breaches as possible and mitigating the fallout of those that do occur.
Most manufacturers have begun shifting some of the information stored in their on-premises data centers to the cloud. That means you need security strategies in place to protect both environments.
Defense in depth, an information assurance (IA) concept for data centers, involves multiple layers of security controls that collaborate to detect and respond to threats. Each layer addresses a different area of risk through network access control, perimeter management, endpoint and mobile security, intrusion detection and prevention, access management and more. If one layer becomes compromised, hackers still have to work through several others, decreasing the likelihood of a total breach or takeover.
The defense-in-depth approach is largely about defending a defined perimeter, akin to a castle’s moat. Zero Trust, on the other hand, is a security model designed to meet the rapidly evolving needs of cloud computing. The assumption here is that the entire network is already compromised. One component of this model is network segmentation.
When you split your main computer network into sub-networks (segments), you can better monitor and control the flow of your data. Similar to defense-in-depth layers, if one segment becomes compromised, hackers still have to gain access to multiple others before gaining all your information.
If you’re one of the many manufacturers operating in a hybrid security environment, you’ll need to devote equal resources to both defense-in-depth and Zero Trust strategies.
Personal Touches
It only takes one employee plugging in a USB drive they found in the parking lot to give hackers a doorway into your system. If you don’t already have IT-related training in place for all employees, seek out third parties that can teach employees how to spot and report phishing scams. It’s also a good idea to send out test phishing messages and require employees who click dubious links to attend additional training.
You can also establish certain protocols that prevent employees from engaging in behaviors that increase cyber threats. Comprehensive mobile device management (MDM) platforms can help you mitigate risk on company-owned devices by scanning for viruses, encrypting data and conducting remote wipes in the case of a lost or stolen device. Authentication methods like multi-factor authentication (MFA) and single sign-on (SSO) create additional layers of identity confirmation and access control.
Hackers don’t abide by the nine-to-five, so your IT guy can only do so much. And that’s not to mention the sheer number of options out there when it comes to determining the right strategies, tools and software vendors for your unique needs.
Third-party support enables employees and technology to level up quickly alongside changes to supply chains, ensuring a secure, seamless transition process. A partnership with a trusted advisor can help you navigate potential solutions and identify those that align with your manufacturing operations — mitigating the risk of your in-house team selecting a solution that falls short.
Third-party advisors can also connect manufacturers with key business partners. For example, if a manufacturer hopes to produce parts for a ventilator model, they’ll need expertise and support from a medical device company to properly comply with regulations and industry best practices. A trusted advisor can facilitate these partnerships to safeguard new projects and data against failure or breach.
If you’re a manufacturer working to make a difference in the fight against the coronavirus pandemic, you shouldn’t face the added concern of a multi-million dollar cyberattack as you shift processes quickly. Though security strategies may vary for manufacturers farther along their digital transformation journeys, all manufacturing companies can benefit from tools that allow them to prepare for, detect and respond to a potential breach.
Ken Presti is the VP of Research and Analytics, at AVANT.