Why manufacturing companies need to up their cybersecurity game

In order to stay competitive, manufacturing companies are replacing analog processes with digital. Some examples are networking machinery along with computers, using CAD/CAM data files, integrating machine-learning software, and let's not forget introducing Industry 4.0 devices. With the move comes increased capability and convenience, but like most things convenient, there is a cost.
Dan Hanson, in his Marsh & McLennan Agency post "Many Owners And Managers Assume They Have No Exposure. Wrong," cautions that manufacturing companies, particularly small and mid-size organizations, are becoming more susceptible to cyberattacks, including data breaches.
"The 2016 Marsh & McLennan Agency's Cyber Survey found that 50 percent of small/midsize companies have experienced a cyber-attack," writes Hanson. "And manufacturing along with other nonfinancial, non-retail, non-technology industries are now prone to data breaches."
Looking at why, Hanson suggests:
- Manufacturing companies are increasingly warehousing data of interest to cybercriminals; and
- Primary targets (for example, banks and tech companies) have beefed up security, making manufacturing companies the new low-hanging fruit.
What's a manufacturer to do?
What are manufacturing companies up against? Team Thomas of Thomasnet.com, a supplier-discovery and product-sourcing platform, enlisted the Hackett Group to identify major risks manufacturing companies are likely to face in the coming year. Team Thomas published their results in the report The Six Biggest Risks Facing Your Manufacturing Business Today. Here's what they found.
1. Cybersecurity breaches: Manufacturing companies were not known for storing sensitive information, but that has changed in a big way, and cybercriminals are noticing. "Generally, cybercrimes on manufacturing companies are designed to either steal intellectual property (IP) or cause some kind of physical disruption to a company's operations," mentions the report. "These disruptions can result in serious material damage, leading to high repair costs and significant downtime."
Team Thomas warns that Internet of Things (IoT) devices offer cybercriminals the chance to gain access to a normally secure network, affording the attackers a "foot in the door," so to speak.
2. IP theft and industrial espionage: Intellectual property (IP) runs the gamut from product proposals to digital prints, and trade secrets to proprietary manufacturing processes. "Although it is explicitly illegal, stolen IP may be very tempting to competitors," notes Team Thomas. "Using another company's trade secrets to improve their own products and processes, shady competitors can then manufacture comparable products for a lower price point while saving money on research and development."
Companies, including manufacturers, prefer not to consider the threat from employees—current and former. The report adds that since the crime is committed within the company, it is difficult to prosecute. Team Thomas offers the following suggestions for combating internal threats:
- Develop a multi-step plan that prioritizes the value of data, determines the most critical and sensitive aspects of the business, and applies security measures accordingly;
- Implement segmented networks that section off the most valuable data, making it accessible to only a few trusted individuals;
- Perform regular insider threat detection and prevention audits;
- Inform employees about the risk of using personal devices within the facility and educate them on best cyber practices; and
- Communicate with vendors and suppliers to ensure all links in the company's supply chain are enforcing security initiatives.
3. Disruptive innovation: The phrase disruptive innovation, championed by Clayton M. Christensen in 1995, refers to a business identifying and exploiting a market overlooked by more mainstream businesses. While this is not a cybersecurity issue, stolen IP will help a dishonest company disrupt the market more quickly and easily.
A prime example offered by Team Thomas in the Hackett Group report is the collapse of the movie rental company Blockbuster by the then startup Netflix. The report adds, "The story of Blockbuster and Netflix serves as a cautionary tale for large companies, reminding them to pay attention to their smaller competitors."
4. Lack of access to critical talent and the skills gap: The cybersecurity profession is not the only industry facing a lack of skilled workers—manufacturing is as well. "Based on data collected from company executives, current employees were lacking in key competencies such as computer use, problem-solving, and math skills," explains the report. "Without these capabilities, companies may be limited in their ability to meet customer demand, adopt new technologies, increase productivity, expand into new markets, and develop new products."
Besides leaving the manufacturing company's needs unmet, including an understanding of cybersecurity practices, the lack of the key competencies described above increases the risk of employees falling for targeted attacks like phishing.
5. Regulatory issues: Manufacturing companies, regardless of size, now have the ability to reach markets across the globe—this is a good thing; however, there is the matter of regulations. "Organizations must also adhere to a wide range of industry standards and check in regularly with a number of different agencies," suggests the report. An example is the General Data Protection Regulation (GDPR) that recently became enforceable.
6. Intensified global competition: Manufacturing companies in the US do not have a lock on international access; competing companies in other countries have it as well. As global competition heats up, manufacturers will need to make sure they have all their ducks in a row. This should be a huge wake-up call where cybersecurity is concerned; not all companies are honest, and stealing trade secrets or defaming a company is not out of the question.
Source: TechRepublic