Featured Product
This Week in Quality Digest Live
Management Features
Aron Solomon
When minimum isn’t enough
Ian Williamson
Bosses need to get used to it
Angus Robertson
Avoiding the blind side
Maureen Metcalf
Speed and efficiency don’t happen by accident
W. Edwards Deming
More than 40 years later, has much changed? What do you think?

More Features

Management News
Control System Integrators Association’s certification program demonstrates dedication to continuous improvement
Eiger Fleet to enable more control and automation of distributed manufacturing
Is the future of quality management actually business management?
Sept. 16, 2021, at the Duke Energy Center in downtown Cincinnati
Morse has a long history with the center, both as a faculty researcher and for serving as the center's deputy director since 2010
Siemens introduces PCBflow, a secure, cloud-based solution for accelerating design-to-manufacturing handoff for printed circuit boards
Includes global overview and new additive manufacturing section
Tech aggravation can lead to issues with employee engagement, customer experience, and business results

More News

Steven Brand

Management

Cybersecurity for Manufacturers

Eight ways to prevent attacks

Published: Monday, June 25, 2018 - 11:01

Many consider 2017 the “worst year ever” for data breaches and cyber attacks, largely due to the rise in ransomware, and IT experts predict it’s only going to get worse. According to the Online Trust Alliance (OTA), a nonprofit that works to develop tools and best practices that enhance internet security, cyber attacks targeting manufacturers and others nearly doubled in volume from the previous year.

The worst of the worst? WannaCry, which struck in May 2017, infecting approximately 300,000 computer systems, encrypting files and demanding a Bitcoin payment to decrypt them.

Although large manufacturers may become victims due to their name and the news value, small and medium-sized manufacturers (SMMs) are vulnerable because they’re less likely to have strict security protocols in place, making them easy targets. According to studies by the Manufacturers Alliance for Productivity and Innovation and IBM, nearly 40 percent of surveyed manufacturing companies were affected by cyber incidents during the past 12 months, and 38 percent of those affected indicated that cyber breaches resulted in damages in excess of $1 million. Just ask Boeing. In mid-March of 2018, WannaCry reared its ugly head again, putting the aerospace industry on high alert. Concerns over whether vital airplane-production equipment could be taken down ran rampant, while SMMs serving Boeing wondered whether their facilities were at risk as well. Thankfully, the consequences of the attack were minimal, with Linda Mills, head of Boeing communications, reporting that the vulnerability was limited to only a few machines, and the deployment of software patches allowed for business to continue as usual.

There are other reasons manufacturers have a target on their production systems. For one, all manufacturing facilities are different, and there’s no one uniform cybersecurity policy that manufacturers can adopt across the board. In addition, many older facilities continue to use outdated legacy equipment, increasing their vulnerability. These factors and others even led to cybersecurity expert Roel Schouwenberg focusing on the threat of cyberattacks during his keynote address at the 2018 IndustryWeek Manufacturing & Technology Conference & Expo.

So, what are some steps manufacturers can take to reduce the risk of a cyberattack?

1. Install antivirus software
To protect against viruses, spyware, and other malicious code, make sure all computers are equipped with antivirus software and anti-spyware. Software is available online from a variety of vendors, and most regularly provide patches and updates to correct vulnerabilities and improve functionality. Be sure to configure all software to install updates automatically.

2. Secure your networks
Safeguard your internet connection by using a firewall. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router. In addition, if you store sensitive information on servers or databases, be sure to encrypt it. If an employee can easily export sensitive data as an unencrypted file, those data are not secure.

3. Educate employees
Employees can often be a manufacturers’ biggest vulnerability, so education is key. Make sure employees are aware of online threats and understand how to protect sensitive data; consider providing examples of what a suspicious email may look like, and who to report it to. A comprehensive course with a cybersecurity expert may be most beneficial.

4. Restrict employee access
Review employees’ roles and privileges regularly to be sure they are only able to view and access data that are necessary to their assigned job. This way, if an employee falls victim to an attack, the spread and scope of the attack will be minimized. With more employees working from home or remotely, restricted access is a necessity.

5. Use strong passwords
It may seem like a hassle having to use upper and lowercase letter, numbers, and special symbols, but it’s an easy way to prevent cyber threats. For extremely sensitive data, you might also consider implementing a two-step authentication system to gain entry.

6. Back up critical data
Regularly back up the data on all computers. If a breach occurs, you’ll want to recover your data quickly, and regular backups are the best way of doing this. Consider both onsite and off-site backups (you can use the cloud for this) to reduce downtime regardless of the severity of the breach. Back up data automatically if possible, or at least weekly.

7. Purchase cyber insurance
Cyber insurance can’t help you retrieve data, but if you’re dealing with sensitive customer information, such as social security numbers or credit card information, an insurance policy can cover your liability if a hacker steals or gains access to this data. A recent Industry Today story outlines the need and the types of insurance available to SMMs.

8. Consider a partner cloud provider
If all this sounds daunting, you might consider moving to a virtual private cloud (VPC) hosted by a reputable cloud provider. VPCs offer heightened security and compliance, and can even have significant cost benefits. A disaster recovery as a service (DRaaS) provider, or security as a service (SECaaS) can also help protect your data and your recovery time in the event of attack. Plus, many providers operate more as a partner, giving you access to IT experts 24/7.

It’s no longer enough to hope for the best. Today, manufacturers must plan for the worst. By increasing internal security protocols or considering an external vendor to monitor dangers for them, manufacturers can protect themselves and their customers from the ongoing threat of cyber attacks.

First published on the CMTC blog.

Discuss

About The Author

Steven Brand’s picture

Steven Brand

Steven Brand is the strategic communications manager at  California Manufacturing Technology Consulting (CMTC) where he provides strategic communications expertise for all of CMTC’s programs and services. Brand also is an instructor of leadership and management courses at UCLA Extension.