Avoid becoming a high value online target.
Given the digitization of all aspects of manufacturing, companies are high value targets for cyber criminals looking to steal critical intellectual property such as trade secrets, product designs, and customer lists that can be sold to the highest bidder half way around the world.
While the threat of a successful cyberattack can’t be eliminated entirely, the following will reduce the risk:
Protect the “Crown Jewels.” Identify and properly secure all data that’s critical to the business (such as trade secrets, intellectual property). This can be done in a variety of ways, including centralizing, tagging and encrypting data. Consider “airgapping” the most critical data by storing it in a system not connected to the internet that has robust credential authentication protocols. Have backups to recover lost or damaged data.
Secure the supply chain. Manufacturers depend on their supply chains, but this comes with risk if vendors, service providers and other third parties are given physical and/or digital access to the manufacturer’s network.
Typical supply chain cyber security measures include: buying only from trusted vendors; disconnecting critical machines from outside networks; and educating users on threats and protective measures. Ensure service providers meet the security requirements (such as using “commercial grade” instead of free anti-malware software that’s less frequently updated with critical patches).
Practice good cyber hygiene. Successful cyber attacks are often the result of insufficient employee awareness and training. For example, cyber criminals can gain access to a network by sending an employee an e-mail that appears to be from a trusted source. It asks the employee to log onto a bogus page that requests a user name and password or click on a link that will download spyware or other malicious programming.
Put practical and effective cyber policies in place and provide employees with regular training that helps them identify and correctly deal with potential threats. Businesses with high employee churn should conduct training more frequently.
Have insurance. It’s a key part of risk management and offers significant protection from unplanned events. Consider investing in insurance that covers network breaches, data loss and potential litigation costs. That said, cyber-risk insurance may only cover a fraction of the cost related to an attack. That’s why it’s important to have sufficient financial resources to weather a cyber attack and ensure business continuity.
Build a cyber monitoring team. It should consist of knowledgeable managers and professionals (internal and external) who will meet regularly to asses threat levels, discuss how to address gaps and make recommendations to management on how to protect digital assets.
Cyber criminals will seek out manufacturers as high value targets for the foreseeable future. Take reasonable steps to protect your digital assets.
Imran Ahmad is a lawyer at the Toronto law firm Cassels Brock & Blackwell LLP. Follow him on Twitter: @imranvpf.
This article appears in the October 2015 issue of PLANT.