Managing risk for cyber security in the manufacturing sector is essential, yet it can pose quite a challenge. Even finding out about possible risks can be difficult, let alone finding the solutions!
A recent study from Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) took an in-depth look at six emerging themes, to offer advice on security, vigilance and resilience in the case of cyber attacks:
- Executive and board engagement
- Talent and human capital
- Intellectual property
- Industrial control systems
- Connected products
- Industrial ecosystems
After interviewing 35 executives, and collecting 225 survey responses, in collaboration with Forbes Insights, the report concluded that:
“Given the highly connected environments manufacturers work in, and the pace of technological change they face, cyber risk is a top-of-mind industry issue. In fact, nearly half of the executives we surveyed lack confidence they are protected from external threats, and it is increasingly important for organisations to assess their organisation’s risk profile and preparedness in the event of a breach or cyberattack.”
So, what steps can manufacturing firms put in place as a precaution against the risk of an online security attack? Using the study, Infor has offered the 10 steps manufacturers should take to reduce cybersecurity risk.
How manufacturers can easily manage cyber security and risk
Get full support
Your Chief Information Security Officer can’t do this alone. They need the support of management and leadership, in order to accomplish the company’s objectives for cybersecurity risk.
Broadly assess the risks
When you perform a cyber risk assessment, you need to include industrial control systems (ICS), enterprise, and connected products. You also need to ensure that recent assessments included all the advanced manufacturing cyber risks, like ICS, IP protection and connected products. Don’t forget to assess the third-party risks that are related to industrial ecosystem relationships.
Share the risk profile
The results of your cyber risk assessment, and the strategy you develop from them, should be shared with executive leadership and the board. By engaging the entire team with the process, and telling them about the business impact posed by cybersecurity risks, you can encourage them to prioritise allocating resources to address those risks.
Build security directly into your processes
When you evaluate the investment your business is making in emerging manufacturing technologies, connected products, and Internet of Things (IoT), does it go hand in hand with your cyber risk strategy? Are enough resources and talent in cybersecurity allocated to those projects, to allow cyber risk management to be baked in?
Data is an asset
Manufacturers need to change their mindset from a transactional model to understanding that certain data in and of itself could be an asset. This will strengthen the link between the business value given to the data and the strategies and processes put in place to protect it.
Assess the risk of third parties
All industrial ecosystem relationships can pose a third-party cyber risk. Evaluate all your mission-critical relationships and take a close look at the strategies in place to mitigate and protect against those risks.
Constant vigilance
You must be vigilant in developing, implementing and evaluating your cybersecurity monitoring system, so you always know the potential impact of a security breach.
Preparation is key
Conduct tabletop or wargaming simulations, to check on and increase the resiliency of your organisation against cybersecurity incidents or breaches. Involve key business leaders, and IT, in the exercise.
Make responsibilities clear
Clarify the organisational ownership of cyber risk management responsibilities with the executive leadership team. Ensure that there is clear ownership for each element of the cyber risk strategy, as well as a leader with the responsibility to oversee the program.
Increase awareness
Make employees aware of their individual responsibilities for cybersecurity, and get them on board to help mitigate the risks related to social engineering, phishing, and protecting sensitive or IP data. Give them the appropriate paths for escalation and reporting of unusual activity or concerns.
To find out more about how Infor can help manufacturers to manage cybersecurity risks, take a look at our Infor manufacturing software or get in touch to talk to us.
Running ERP software or other business-critical applications on the IBM i (AS400)? Learn more about leading IBM i (AS400) security products from Raz-Lee.
Posted by Paul on 30th November 2016.