In an effort to increase productivity in their operations, many manufacturing companies became some of the earliest adopters of technology. Subsequently, many of these companies are now using aging systems bogged down by decades of stored data. While the concept of a fully-connected control system is making the U.S. manufacturing industry billions, the failure to enforce security measures is also causing the industry to be more susceptible than ever to cyber security threats.
Following paperless trends among other industries, manufacturers are using technology to store employee records, credit accounts, transaction information, banking account transactions and even trade secrets. Combining this type of data with out-of-date technology can often lead to a crash and burn. Knowing this, hackers can seep into a company, hijack its information and shut-down operations, demanding that the company pay a ransom fee to take back its production line or retrieve its data. Under this type of pressure, manufacturers often end up paying the fee in order to quickly resume operations.
The broadened use of the Internet of things (IoT) allows manufacturers to connect machines, computers and other smart devices to ensure precise design, assembly and overall operations. However, these smart devices are not without vulnerabilities. If security measures are not set in place, hackers can easily access a manufacturer’s operational system and wreak havoc on the entire process. Once they have gained access, these criminals can alter automation controls to such a minimal degree that it can often go unseen until it is too late. A destructive intrusion such as this can cause serious impacts to a product’s design and safety.
An article from CSO Magazine reports that the average cost of a data breach was $1.3 million for enterprises and $117,000 for small and medium-sized businesses in 2017. The article also reports that even though attacks on industrial control systems are up by 5%, industrial firms are among those with the lowest security budgets. With attacks on the rise, it is crucial that these firms set better standards for their security protocols.
What are the solutions?
1. Layered Security Models
Having multiple layers of security set in place is a step towards securing your manufacturing company from outside intruders. Doing so involves ensuring that there are proper network controls and antivirus protections, as well as assessing file reputations and performing behavioral analysis. If these security measures are performing correctly, hackers will have many obstacles to jump through, making detection and remediation easier.
2. Endpoint Management Software
Manufacturing companies use many types of devices that are connected through the IoT. In order to prevent the threat of hackers, endpoint devices such as laptops, smart phones and tablets, bar code readers and more should only be allowed to access your network after it has been proven that they comply with the network’s security criteria.
3. Network Segmentation
By splitting your company’s network in to smaller subnetworks, manufacturing companies can reduce their risk of a full-on intrusion. Not only does this improve your security, but it also improves your ability to monitor and control what is happening in your company’s network.
4. Advanced Policies, Procedures, Training and Testing
Identifying the strengths and weakness in your systems and crosschecking between departments, functions and personnel can help to ensure process flows are up-to-date. Combining this with a properly designed and enforced system of operational and financial controls can help defend your resources. It is also crucial that your employees understand the policies and procedures and are trained to know what to look for when it comes to IT security. Be sure that you aren’t just monitoring your systems, but actually testing the efficiency of your security framework.
Warren Averett Technology Group can provide your company with complete end-to-end business continuity planning services, a full-range of modular IT security solutions, risk management services and more. While attacks on manufacturing companies are on the rise, we can work to ensure that your company does not fall victim to the trend.
Written by Jason Asbury, President of Warren Averett Technology Group and Member of the Firm