Manufacturers Need to Pay Attention to Cybersecurity Risks
Jeffrey I. Ziplow, MBA, CISA, CGEIT
For many years manufacturers have enjoyed a luxury not afforded to other industries such as the financial, healthcare and retail sectors—they have been much less at risk for cybersecurity threats. Unfortunately, 2015 has shown a shift in the industries experiencing the highest incident rates.
IBM has recently released the 2016 version of its annual IBM X-Force Cyber Security Intelligence Index – a report that provides readers with an overview and detailed look at the type and volume of attacks by industry. Coming in at second place is the manufacturing industry, which includes automotive, electronic, textile, and pharmaceutical companies. Clearly manufacturers need to be just as attuned to these potentially devastating threats as any other business.
Why has this become a risk to manufacturers now when it wasn’t as much of one before? The main reason is connectivity—with so many personal and company devices now connected to the internet and information stored digitally in common areas, exposure has increased exponentially and, in turn, so has the risk of an attack. Manufacturers also are dependent on production, meeting deadlines and protecting proprietary/intellectual property information, and any form of cyberattack could wreak havoc.
Think of the potential harm a cyberattack could cause to a manufacturing business. If hackers were to gain access, the first thing that would happen would be the business would have to shut down at least temporarily, meaning production is disabled and potentially critical deadlines could be missed. There is also the risk of product tampering and manipulation—cyber attackers these days are savvy enough to program mistakes into existing products that the company may not know about until the product is already in the public, triggering expensive and embarrassing recalls. Lastly, there is the very real threat of vital intellectual property/information being stolen; often times this is the Holy Grail for cyber thieves. This can obviously have enormous negative financial implications on a manufacturing business.
What can manufacturers do to safeguard themselves against such attacks and potentially devastating financial consequences? Plenty.
Risk Assessment– This is the appropriate starting point for all cybersecurity plans. A manufacturing business should examine the entire organization to determine what critical data is stored, where the greatest risk areas are and what needs to be improved in terms of security. All cybersecurity measures start with a thorough risk assessment.
Vulnerability Testing– Once a risk assessment is in place, simulations can be run—think of it as a cyberattack fire drill to ensure these measures are working…..effectively. Many times this is done by attempting to penetrate a business in the same way that hackers attack. Manufacturers often work in hyper-competitive business environments where falling behind a competitor for even the briefest of moments can prove fatal to the business. Testing cybersecurity systems for potential vulnerabilities can have an invaluable impact on a manufacturing business, both in the short-term and long-term.
Employee Awareness– Unfortunately employees often become the source of vital information getting out to those who wish to do a business harm. Whether it’s bringing unsecured work home with them, leaving laptops or portable devices unattended or simply sharing information in public that shouldn’t be shared, potential risks exist everywhere. Awareness of these threats must be embedded through employee education efforts, and once completed can prove highly effective.
Cyberattacks are very real and quite prevalent in the interconnected online business world. Fewer manufacturing companies these days operate their offices and books with paper files, and the move to digital management has placed these companies in the sights of those criminals who would love to bring chaos and instability to manufacturers. While the threats are real, so are those steps manufacturers can take to prevent them. The key is action—the time is now for these companies to start proactively protecting themselves.
Additional Cybersecurity Resources from BlumShapiro:
- What is bitcoin? Find out the key information you need to know about bitcoin.
- Do your employees BYOD? Download our BYOD guide to learn how to protect your business.
- Ransomware has affected countless people and businesses, learn about the new Ransomware Pandemic.
How BlumShapiro's Cybersecurity Team Can Help:
Could your organization be vulnerable to a cyber attack? What is your current exposure? How would your business continue to function in the event of a breach? Our cybersecurity experts can help you address the vulnerabilities and risks your organization faces against cyber security threats. Remember, the costs of developing a security strategy you feel confident about are minor compared to the potential financial and reputation risk if an attack or breach occurs. Learn more about our services >
Jeffrey I. Ziplow is a partner with BlumShapiro, the largest regional business advisory firm based in New England, with offices in Connecticut, Massachusetts and Rhode Island. The firm, with over 400 professionals and staff, offers a diversity of services which includes auditing, accounting, tax and business advisory services. In addition, BlumShapiro provides a variety of specialized consulting services such as succession and estate planning, business technology services, employee benefit plan audits and litigation support and valuation. The firm serves a wide range of privately held companies, government and non-profit organizations and provides non-audit services for publicly traded companies.