Technology has unlocked innovative ways for businesses to discover and service markets, identify and reach new customers and control inventories and processes. However, technology has also increased the surface area for which businesses may be vulnerable. The manufacturing and retail industry, now more than ever, must rise to meet the challenges and defend from both external and internal threats to protect its data and the information of its clients.
Businesses are only as secure as their weakest link. Often times that might be an unsupported web server, a phone system with default settings, or a vulnerable employee. So many components of the manufacturing industry now include technology that managing them all requires a staff of knowledgeable and proactive professionals. These technicians, engineers and analysts spend much of their time trying to keep up with day-to-day operations to ensure that employees can perform their normal functions.
How often does IT ask where confidential data lives or where an attacker might be able to find unencrypted credit card numbers or social security numbers? Is there already a widening gap between secure practices and how the business has grown comfortable operating?
Often times, we become accustomed to the ‘if it isn’t broken, don’t fix it’ methodology, which you won’t find in any best practice or standard operating procedure. Day-to-day operations are never questioned, but as they evolve week to week, month to month and year to year, it may begin to put distance between departments and security practices. Some employees and managers don’t see themselves as the owners of the data, but rather, may believe it is up to IT to know what is important and how to best protect it. It has become increasingly critical that organizations invest in continually evaluating their risks through a variety of strategies-starting with adhering to simple steps.
The Center for Internet Security (CIS) Top 20 Critical Security Controls (previously known as the SANS Top 20 Critical Security Controls https://www.cisecurity.org/controls/ ) is a prioritized set of best practices created to stop the most pervasive and dangerous threats today. It was developed by leading security experts from around the world and is refined and validated every year. While being compliant leads to a more secure operating environment, there is no silver bullet for security. However, following these controls can significantly reduce the chances of a compromise.
CIS recommends that all businesses adhere, at a minimum, to the first five critical controls to eliminate the vast majority of your organization’s vulnerabilities.
The top five controls give an organization visibility into what technology is used, what vulnerabilities exist and who has permissions to access that information. It provides a general level of visibility into the working gears of the business and helps to establish a baseline. This baseline can empower both IT and employees to identify what is ordinary and what is out of the ordinary.
Being able to identify activity or behavior that is out of the ordinary is the only way in which malicious behavior can be detected and then acted upon. Having the ability to step back and view systems and applications from an outside viewpoint is also a skill that does not necessarily come easy to someone who is entrenched in the existing environment. It is times like these when an outside viewpoint or a fresh set of eyes can provide remarkable value.