Featured Image

Time To Rethink Your Cybersecurity Plan?

Proactively addressing cybersecurity can turn a “necessary evil” into a competitive advantage. Implementing a solid cybersecurity plan can reassure existing customers that they have made the right choice in choosing your company as a supplier.
Mar 22, 2022

Every company has implemented some form of security function to protect their communications network from threats that could impact the business. Individual implementations range from fairly basic to elaborate. A key factor for any successful implementation is that it continually needs to evolve to stay current with the ever-changing cybersecurity threats to your business. 

Unfortunately, many businesses’ leaders view addressing network security issues as a “necessary evil,” where someone in the business is assigned the task of making the problem go away, and that is the last they think about it – until they encounter a major security event. 

The most successful cybersecurity implementations are based on a few common denominators:

  • Cybersecurity is viewed as a strategic initiative within the business.

  • The cybersecurity implementation is based on a documented plan.

  • The cybersecurity plan is continually evolving to address the changing threat environment.

Fortunately, some companies are evolving their attitude and beginning to view cybersecurity as a competitive advantage.

Transitioning From Defense to Offense

One only needs to look as far as a company’s customers to find motivation for rethinking how and why you view your company’s cybersecurity strategy. Every customer wants to know that their supply chain partners will be there when they need them – reliable and consistent. 

We have all heard of multiple supply chain disruptions due to cybersecurity attacks. There are a lot more that occur that never see the light of day, impacting companies of all sizes. These disruptions are typically measured in days, not hours, of lost production. 

Suppliers also often have sensitive customer information that can be at risk – it is the supplier’s responsibility to protect that information. Security breaches can impact relationships up and down the supply chain.

Most purchasing contracts have always contained clauses regarding the protection of information and data. We are now seeing more aggressive actions by the government to secure their supply chain. The Department of Defense is implementing a program called Cybersecurity Maturity Model Certification (CMMC), which makes minimum levels of cybersecurity implementation mandatory for participation in their supply chain. 

Proactively addressing cybersecurity can turn a “necessary evil” into a competitive advantage. Implementing a solid cybersecurity plan and then communicating that you have such a plan can reassure existing customers that they have made the right choice in choosing your company as a supplier. This can also position a company to secure new business by demonstrating a commitment to being a consistent and reliable partner and providing a differentiation that will take others time and effort to match. 

Establishing an Advanced Cybersecurity Plan

An advanced cybersecurity plan involves more than the application of technology. It is more than writing and implementing a plan. It is a culture that needs to permeate a business, involving every person in the business and every outside person who interacts with the business.

Whether a company is early in the development of their cybersecurity plan or the company already has a viable plan in place, there are some valuable tools available to help assess your current plan and identify steps to strengthen that plan. The most comprehensive guide outlining a fully integrated cybersecurity plan is provided by the National Institute of Standards and Technology (NIST). This guide is comprised of NIST standards SP 800-171 and SP 800-172. 

Additionally, many companies also are building their cybersecurity plan using the Purdue Enterprise Reference Architecture. The Purdue model focuses more on technology implementation, while the NIST standards provide a broader, business-wide view of cybersecurity.

While the cybersecurity plan needs to be optimized for the unique characteristics of each company, there are major areas of focus that need to be addressed in every advanced security plan. In subsequent articles, we will dig deeper into the common themes to be considered as part of a step-by-step process for building a comprehensive cybersecurity plan. 

PicturePicture
Author
John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.
Recent technology News
Implementing a cybersecurity plan includes deploying specific security functions to provide communications, networking, and database security. Learn what key factors to consider, what new technologies are being overlooked, and more for your implementation.
Configuration management in cybersecurity provides a uniform environment to deploy security updates, and a standardized platform to monitor network activity to identify potential security breaches. Learn what it is, how to use it, and what to watch for.
Advanced cybersecurity plans should include functionality for logging every attempt to access the network or critical areas on the network to protect business assets or as required for legal or contractual requirements. Read on to learn what that involves.
The definition and management of the credentials used to access the resources within a company's network requires their own set of rules within an access control strategy. Here are some important security elements to consider with usernames and passwords.
Any advanced cybersecurity plan should address electronic media in both the IT and the OT networks. Devices like CDs, flash drives, and more are problematic since each is an interface to your company’s network, introducing possible security threats.
Similar News
undefined
Technology
By Stephen LaMarca | Dec 02, 2022

A valet that won’t burn out your clutch. Y’all need facility tours. Paper batteries. Prototyping to mass production. Cybersecurity and the FBI.

5 min
undefined
Technology
By AMT | Nov 22, 2022

Check in for the highlights, headlines, and hijinks that matter to manufacturing. These lean news items keep you updated on the latest developments.

3 min
undefined
Technology
By Benjamin Moses | Nov 12, 2022

Steve is going to a manufacturing industry adjacent tradeshow that he and Ben have been trying to get into for a long time; Ben will for sure go next year (2024), though. Stephen also talks about how it felt to cut the first part off the new testbed CNC...

46 min