
Is Your Business Data Safe? How to Get Started in Cybersecurity Best Practices

Jun 28, 2021

Manufacturing companies are no exception when it comes to the need for cybersecurity. As companies continue to embrace automation, edge computing, supply chain optimization, and remote diagnostics – among other technologies across the production chain – they become more vulnerable to cybersecurity threats due to this increased external connectivity. Ironically, smaller manufacturers are more likely to be targeted than their larger counterparts because they are viewed as easier to penetrate as entry points into larger manufacturing supply chains. In this article, we’ll provide an overview of how to start thinking about cybersecurity and best practices in terms of actually getting started.

Basic steps to protect your company network from intrusion

  1. Put in a firewall to separate your manufacturing network from your business network

  2. Install antivirus protections

  3. Conduct regular patches (updates) for all of your software and systems

  4. Have a robust backup system in place and do regularly scheduled backups

  5. Deploy an intrusion detection system or anti-malware software

  6. Train your employees on the basics of avoiding social engineering attacks

An excellent resource for getting high-level data and information on recent cybersecurity incidents in the manufacturing industry is Verizon’s annual Data Breach Investigations Report – now in its 13th year – which combines data from both public and private organizations globally, including law enforcement agencies, national incident-reporting entities, research institutions, private security firms, and Verizon. The 2020 report encompasses 157,525 reported incidents and 108,069 breaches for all industries and then breaks down its findings by industry.

In 2020, the manufacturing industry experienced 922 incidents, 381 with confirmed data disclosure. The majority of attacks were financially motivated (73%), with the others falling into the category of espionage (27%). Types of data compromised included credentials (55%), personal data (49%), other (25%), and payment data (20%). The report also notes that 75% of attacks came from external sources, while 25% originated internally.

How should a business understand the risks it faces, and how should it best approach the challenges of cybersecurity, especially if it is a small to medium-sized manufacturer (SMB) that wants to maximize every dollar spent?

AMT recommends that you learn more about existing cybersecurity standards and best practices by becoming familiar with the NIST Cybersecurity Framework and then go on to learn where your company’s specific weaknesses are by hiring an ethical hacker to conduct a penetration test of your network. We’ll break these two recommendations down.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework, launched in 2014 and updated annually, is guidance based on existing standards, guidelines, and best practices for organizations to better understand, manage, and reduce their cybersecurity risks. It is designed to help you determine which activities are most important for your business and how to prioritize your investment in cybersecurity and maximize the impact of each dollar spent. The site also features more than 100 online resources produced by private and public sector organizations that offer guidance and examples about using the framework.

By providing a common language to address cybersecurity risk management, the framework is especially helpful in communicating inside and outside your company, including between and amongst IT, planning, and operating units, as well as senior executives. The framework can also be used to communicate current or desired cybersecurity needs between buyers and suppliers.

Penetration testing is a best practice and a quick way to get started

A penetration test, also known as ethical hacking, is an authorized, simulated cyberattack on a company’s computer network performed to evaluate the security of the system. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system’s features and data. The test can also evaluate any existing cybersecurity strengths, enabling a full risk assessment to be completed. There are many companies nationwide performing this service, so ask your industry peers or local businesses for recommendations, then bring in a few companies or individuals and evaluate them for this work.

SMBs may not have the resources to support full-time, in-house cybersecurity teams, which is why more businesses choose to outsource their cybersecurity needs. By choosing to work with a cybersecurity company, you benefit from 24/7/365 monitoring and support. 

Defense contractors

Manufacturers who are contractors or subcontractors with the Department of Defense (DOD) need to become familiar with another important resource: the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, which is authorized by the DOD to be the “sole authoritative source” for the operationalization of CMMC Assessments and Training for DOD contractors. The CMMC is the unified standard for implementing cybersecurity across the defense industrial base. Released by the DOD in January 2020, CMMC version 1.0 changed cybersecurity requirements for DOD contractors. Contractors were already responsible for “implementing, monitoring, and certifying the security of their information technology systems and any sensitive DOD information stored on or transmitted by those systems.” But as of January 2020, the CMMC also requires third-party assessments of contractors’ compliance with certain mandatory practices, procedures, and capabilities that can adapt to new and evolving cyber threats from adversaries. All DOD contractors need to learn the CMMC’s technical requirements and prepare for certification, and by 2025, all DOD suppliers will need CMMC certification to bid on contracts.

Too many phish in the C:

Research has shown that the majority (over 80%) of security breaches happen because of social engineering and phishing attacks. Social engineering tactics trick employees into opening email, visiting websites, permitting physical access, or plugging thumb drives or other media into the business’s computers for the purpose of inserting malware or gaining unauthorized access, or both. Even the best network security can be bypassed through a social engineering attack. Holding organization-wide cybersecurity training for all employees about social engineering risks and what they look like is critical.

For more information, contact AMT’s director of manufacturing technology, Benjamin Moses, at bmoses@AMTonline.org.

Gail McGrew