Oct 30, 201812:36 PMLegal Login
with Mindi Giftos
As manufacturing moves into cyberspace, so do security threats
(page 1 of 2)
One of the things that make cybersecurity seem so daunting is the difficulty in understanding the scale of the threat involved. Every day there is a new media report of a major commercial enterprise being victimized by cyber-criminals — compromised databases containing customers’ personally identifying information; ransomware viruses that shut down business operations entirely; spyware that steals valuable proprietary information … the list goes on.
Furthermore, the criminals themselves are rarely brought to justice. Indeed, a great many of them seem beyond the reach of our criminal justice system, regardless of whether their attacks originate here in the U.S. or abroad, where criminals often work hand in glove with state-controlled espionage agencies or foreign corporate entities.
Against threats of this magnitude and sophistication, one might wonder whether the cost-benefit of further operationalizing digital information makes sense. However, as the early adopters of our new information-driven technologies can attest, the benefits are simply too great to ignore. Just-in-time production capabilities, for instance, have radically changed the arithmetic of supply-chain management and manufacturing, making it possible for manufacturers to bring certain kinds of work and jobs back to the U.S. Similarly, precision agriculture supported by wirelessly networked devices allows farmers to respond to crop threats in real time, substantially raising their per-acre production and lowering their overheads. When assessed against the awesome power of information-based processes, the associated cybersecurity issues seem, if not small, at least manageable.
The main disappointment regarding these new technologies is the realization that their implementation and use will not be cost-free, and unfortunately, protecting against cyber-crime constitutes a big part of that cost. Therefore, it is vitally important for all businesses to gain an understanding of the specific threats they are most likely to face.
Manufacturing’s threat profile
The cybersecurity threat profile for each industry is a little different. The 2018 Data Breach Investigations Report, conducted and published by Verizon, does a comprehensive job of explaining how different threats manifest themselves across multiple industries. It also has interesting observations about threats to the manufacturing industry. According to the report, manufacturing is unique among industries in one key respect — most of the cyberattacks are targeted, rather than the crimes of convenience or opportunity more routinely seen across the board. In nearly half the cases involving manufacturing in the Verizon report, stealing intellectual property is the object of the attack, and nine out of 10 involved external threats.
In August 2018, Vectra Networks Inc., a cybersecurity firm, published its 2018 spotlight report on cyberattacks in the manufacturing industry. Consistent with the Verizon report, Vectra’s artificial intelligence-based platforms detected “a higher-than-normal rate of malicious internal reconnaissance behaviors” from attackers inside of manufacturers’ systems and that this “indicates that attackers are mapping out manufacturing networks in search of critical assets to steal or damage.” Once the attacker has identified the data to be stolen, the Vectra report notes that data smuggling is the preferred exfiltration method, where the attacker uses an internal device he or she controls to send the data to an external system.
Given these circumstances, below are five things manufacturers need to consider in connection with data security:
1. Data mapping
Because the main cyberthreat for manufacturers often concerns the company’s own proprietary information, we highly recommend that manufacturers take some time to map their systems and understand what data they have. In many data breaches, compromised data is comprised of data that the company did not even know it had. Undertaking data mapping will help manufacturers understand their vulnerabilities (the worst case scenario) and take steps to eliminate needlessly redundant access points to sensitive data. This step will also ensure that companies are more readily able to comply with rapidly emerging privacy laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act.