Featured Image

Is Your Business Data Safe? How to Get Started in Cybersecurity Best Practices

In 2020, the manufacturing industry experienced 922 incidents, 381 with confirmed data disclosure. The majority of attacks were financially motivated (73%), with the others falling into the category of espionage (27%).
Jun 28, 2021

Manufacturing companies are no exception when it comes to the need for cybersecurity. As companies continue to embrace automation, edge computing, supply chain optimization, and remote diagnostics – among other technologies across the production chain – they become more vulnerable to cybersecurity threats due to this increased external connectivity. Ironically, smaller manufacturers are more likely to be targeted than their larger counterparts because they are viewed as easier to penetrate as entry points into larger manufacturing supply chains. In this article, we’ll provide an overview of how to start thinking about cybersecurity and best practices in terms of actually getting started.

Basic steps to protect your company network from intrusion

  1. Put in a firewall to separate your manufacturing network from your business network

  2. Install antivirus protections

  3. Conduct regular patches (updates) for all of your software and systems

  4. Have a robust backup system in place and do regularly scheduled backups

  5. Deploy an intrusion detection system or anti-malware software

  6. Train your employees on the basics of avoiding social engineering attacks

An excellent resource for getting high-level data and information on recent cybersecurity incidents in the manufacturing industry is Verizon’s annual Data Breach Investigations Report – now in its 13th year – which combines data from both public and private organizations globally, including law enforcement agencies, national incident-reporting entities, research institutions, private security firms, and Verizon. The 2020 report encompasses 157,525 reported incidents and 108,069 breaches for all industries and then breaks down its findings by industry.

In 2020, the manufacturing industry experienced 922 incidents, 381 with confirmed data disclosure. The majority of attacks were financially motivated (73%), with the others falling into the category of espionage (27%). Types of data compromised included credentials (55%), personal data (49%), other (25%), and payment data (20%). The report also notes that 75% of attacks came from external sources, while 25% originated internally.

How should a business understand the risks it faces, and how should it best approach the challenges of cybersecurity, especially if it is a small to medium-sized manufacturer (SMB) that wants to maximize every dollar spent?

AMT recommends that you learn more about existing cybersecurity standards and best practices by becoming familiar with the NIST Cybersecurity Framework and then go on to learn where your company’s specific weaknesses are by hiring an ethical hacker to conduct a penetration test of your network. We’ll break these two recommendations down.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework, launched in 2014 and updated annually, is guidance based on existing standards, guidelines, and best practices for organizations to better understand, manage, and reduce their cybersecurity risks. It is designed to help you determine which activities are most important for your business and how to prioritize your investment in cybersecurity and maximize the impact of each dollar spent. The site also features more than 100 online resources produced by private and public sector organizations that offer guidance and examples about using the framework.

By providing a common language to address cybersecurity risk management, the framework is especially helpful in communicating inside and outside your company, including between and amongst IT, planning, and operating units, as well as senior executives. The framework can also be used to communicate current or desired cybersecurity needs between buyers and suppliers.

Penetration testing is a best practice and a quick way to get started

A penetration test, also known as ethical hacking, is an authorized, simulated cyberattack on a company’s computer network performed to evaluate the security of the system. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system’s features and data. The test can also evaluate any existing cybersecurity strengths, enabling a full risk assessment to be completed. There are many companies nationwide performing this service, so get some recommendations from your industry peers or from local businesses to bring in a few companies, or individuals, to evaluate for doing this work.

SMBs may not have the resources to support full-time, in-house cybersecurity teams, which is why more businesses choose to outsource their cybersecurity needs. By choosing to work with a cybersecurity company, you benefit from 24/7/365 monitoring and support. 

Defense contractors

Manufacturers who are contractors or subcontractors with the Department of Defense (DOD) need to become familiar with another important resource: the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, which is authorized by the DOD to be the “sole authoritative source” for the operationalization of CMMC Assessments and Training for DOD contractors. The CMMC is the unified standard for implementing cybersecurity across the defense industrial base. Released by the DOD in January 2020, CMMC version 1.0 changed cybersecurity requirements for DOD contractors. Contractors were already responsible for “implementing, monitoring, and certifying the security of their information technology systems and any sensitive DOD information stored on or transmitted by those systems.” But as of January 2020, the CMMC also requires third party assessments of contractors’ compliance with certain mandatory practices, procedures, and capabilities that can adapt to new and evolving cyber threats from adversaries. All DOD contractors need to learn the CMMC’s technical requirements and prepare for certification, and by 2025, all DOD suppliers will need CMMC certification to bid on contracts.

Too many phish in the C:

Research has shown that the majority (over 80%) of security breaches happen because of social engineering and phising attacks. Social engineering tactics trick employees into opening email, visiting websites, permitting physical access, or plugging thumb drives or other media into the business’s computers for the purpose of inserting malware or gaining unauthorized access, or both. The best network security protecting a company can be bypassed through a social engineering attack. Holding organization-wide cybersecurity training for all employees about social engineering risks and what they look like is critical.

For more information, contact AMT’s director of manufacturing technology, Benjamin Moses, at bmoses@AMTonline.org.

Gail McGrew
Recent technology News
One of the main differences between an OT (operational technology) network, such as one found on the manufacturing floor, and an IT (information technology) network , such as one found in an office environment, is the equipment ...
How do you make sense of data that you’ve never seen? This article provides a first-line approach on garnering data insights after the data has been initially retrieved.
Today, a business’s shop floor network, its operational technology (OT) network, faces essentially the same security threats as their general business network, or information technology (IT) network. Fortunately, the same technologies are available to ...
In the age of digital manufacturing, data systems have become more critical. The migration to these services from physical or existing digital systems requires thorough planning and a solid connection to business processes.
As part of a new cybersecurity project, AMT hosted a webinar with a panel of experts focused on finding common ground between IT and OT.
Similar News
By Stephen LaMarca | Oct 15, 2021

Additive’s Impact on Space Exploration. Virtual Robot Obstacle Courses. Bipedal Robot Can Fly and Skateboard. Complex Vehicle-Painting Robot Arms. Acrylic or Gel?

5 min
By Benjamin Moses | Oct 15, 2021

The quality and fidelity of simulation have evolved so dramatically that many manufacturers don’t even know what is possible to accomplish using simulation.

5 min
By Patrick McGibbon | Oct 12, 2021

The good news from the aggregate data is that every country’s market has improved in 2021, and that trend is expected to continue into 2022.

5 min