For Manufacturers, There’s No Time to Waste on Cybersecurity
There’s a joke that’s been going around for a while. Who led the digital transformation of your company? And the punchline: not the CEO or CTO, but COVID-19.
Of course, most good jokes carry at least a grain of truth and, in this case, it’s certainly fair to say the pandemic has seen many companies accelerate their journey of digitalization. As a new normal of disrupted supply chains and remote working has emerged, transformation plans that were years in the making have been implemented in a matter of months.
Cause for Congratulations and Concern
In many ways, this is a cause for a collective pat on the back. Organizations have managed to adapt their operating models quickly to protect employees and inventories, while keeping the lights on during this crisis, which is quite impressive.
Yet it also carries a threat. Most major overhauls, especially digital ones, tend to be scrupulously risk assessed and planned. But as COVID-19 dispersed workers to home offices, attics and kitchen tables almost overnight, there simply wasn’t time. I’ve heard stories of companies sending employees to big box stores for laptops, hardware and mobile devices just to enable them to keep working outside the boundaries of the office.
Without the usual provisioning and data governance procedures, it’s no surprise that many companies have found themselves more vulnerable to cyber-attacks. According to Skybox Security’s Vulnerability and Threat Trends in 2020 research report, there’s been a 72 percent increase in ransomware during the pandemic and a record number of new vulnerability reports predicted in 2020. After all, if an employee is using personal cloud storage or an unencrypted home Wi-Fi network, it’s far simpler for attackers to plant some malware and reap the rewards as it’s shared across a company’s entire network of authorized systems.
Naturally, this should concern businesses across all sectors – but none more so than manufacturers. Here, companies need constant access to information and processes in order to maintain service level agreements with customers. This means any disruption can have serious consequences – both financially and operationally – and makes them a top target for cyber-attacks.
While occasionally the result of corporate espionage, most such attacks are motivated by money, with criminals or nation-state actors demanding huge sums to decrypt company systems. Often, this comes with the twin threat of releasing sensitive data such as patents and trade secrets if companies fail to pay.
But even this isn’t without risk. Paying attackers with links to a recognized terrorist state can result in manufacturers violating Office of Foreign Assets Control (“OFAC”) regulations. Meanwhile, simply being victim of a security hack can mean a company finds itself in contravention of state, federal or international laws around personal information protection and breach notifications.
Take Action Now
Yet despite this evolving cybersecurity landscape, one thing hasn’t changed: most often when organizations fall victim to an attack, the vulnerability could have been easily avoided. The good news is there are some clear steps manufacturers of all sizes can take in order to defend themselves:
Identify, check, clean and protect. As we begin to adjust to a new normal, now’s the time to step back and assess the completeness and integrity of the devices and data that workers have been using. Once these checks are complete, any cleaning action necessary should be taken and every company device, technology and digital process equipped with the right protective software.
Design, implement and maintain. In my experience, companies often don’t realize the flaws in their back-up and recovery processes until they’ve been attacked and it’s too late. It’s therefore vital to have an action plan that’s updated on an ongoing basis through proactive testing and scenario planning. Likewise, any threat assessment processes must be updated to account for new and emerging issues thrown up the pandemic, including vendor management considerations. Equally important is employing people who specialize in cyber and data security or having contracts with qualified consultants who can help strengthen your data security.
With no clear end to the pandemic in sight, the blurring of lines between corporate and personal networks will continue for some time – as will the rising threat of ransomware attacks. Taking action to bolster and preserve their cybersecurity should therefore be a top priority for every company, especially in the manufacturing sector.
Indeed, in the same way many companies responded swiftly and commendably to safeguard the safety of their people in the face of COVID-19’s extraordinary threat, now they must do so for their devices and their data.
How Can We Help You?
At Cherry Bekaert, our goal is to help your manufacturing company navigate the complexities of cybersecurity and data security challenges increased by the pandemic. Please contact Steve Ursillo or check out our COVID-19 Guidance Center for more topics that might be of interest to you.