Home / Overcoming Security Worries to Move Forward with Digitalization Tactics

Overcoming Security Worries to Move Forward with Digitalization Tactics

Digitalization and Internet of Things technologies will likely increase the volume of cyberattacks. Connected devices, online portals, and sharing of data between enterprises create risks. What can a manufacturer do? Are there safeguards that can be taken? Of course.

Posted: December 28, 2016

Hold fire drills with your workforce on the appropriate responses to threats at all levels. Require out-of-band verification and restrict access to portals based on location. Segment your network so that access gained at one vulnerable point doesn’t automatically doom the entire system. Require multiple authentication for privileged access and make sure employees have the right access level for their roles. (first view)
Hold fire drills with your workforce on the appropriate responses to threats at all levels. Require out-of-band verification and restrict access to portals based on location. Segment your network so that access gained at one vulnerable point doesn’t automatically doom the entire system. Require multiple authentication for privileged access and make sure employees have the right access level for their roles. (second view)

Digitalization is the wave of the future, manufacturing analysts and media pundits tell us. The hype around the trend is reaching staggering levels. Yet, if you look deeper into the details, hunting for definitive deployment rates and percentages of companies that are actually working on digitalization projects, the picture is quite fuzzy. No one seems to know exactly what works, what doesn’t and what muddy quagmires of needless complications you should avoid at all costs. Opinions abound, of course. But who should a manufacturer trust? Do you know?

The answer is “no one.”

Do not place unconditional, blind trust in any one single expert, consultant, or self-appointed guru with the security of your data and digitalization systems. This advice may seem overly skeptical or even alarmist, but that is not the intention. It is simply a reminder to manufacturers to move with caution, care, and commitment to details. That includes doing ninja-level due diligence on researching platform architecture, system security, data storage protocols, back up plans, firewalls and safeguards, government mandates, legal ramifications, and risk analysis. Then on top of that, dot every “i”, cross every “t”, cross your fingers and some good karma wouldn’t hurt either. In other words, take the planning and set-up stage seriously. And accept that nothing is foolproof.

Can you let this lack of complete certainty paralyze you? Of course not, if you want to remain competitive. Managers and C-level executives in manufacturing face risk every day. Whether the risk comes in the guise of a pesky start-up that is underbidding work to steal your customers or in the form of lax enforcement of safety protocols on the shop floor, manufacturers are bombarded with dangerous situations on a regular basis – and they still survive. This level-headed approach is essential when weighing the risks of digitalization tactics. Sometimes, “stay calm and carry on,” is the best advice after all.

Some risks are more detrimental than others, though. This is why regulations are so varied and complex. This is why we expect the federal mandates around parts on passenger jets to be far different than mandates around the manufacture of simple toys. However, the mother of a child who might choke on a battery or be poisoned by lead paint will attest to the fact that even “simple” things shouldn’t be taken lightly. Security of data isn’t child’s play either. Even the fundamentals need scrutiny in a digitalization plan. Size can’t be considered a “free pass” either. Small manufacturers aren’t exempt from the possibility of falling into the cross hairs of a cyber attacker, nor is a huge company automatically protected by big budget tactics. Global giants boasting about their impenetrable safeguards may just be inviting attacks by high tech terrorists who want to claim they brought down the mighty defender.

Attackers can be those thrill seekers who have bragging rights and mischief as their goal. Or they can be highly skilled and organized predators with much more sophisticated schemes for disrupting business, stealing assets, and destroying trust. The FBI says malware (or botnets) has caused over $9 billion in losses to U.S. victims and over $110 billion in losses globally. Approximately 500 million computers are infected globally each year, translating into 18 victims per second. Cybercrime costs the United States more than $110 billion each year according to analysis by the Center for Strategic and International Studies (Washington, DC).

This emerging criminal industry – which didn’t even exist 25 years ago – has already grown larger than the illegal market for cocaine, heroin, marijuana, and methamphetamine. Cybercrime includes stolen identities, fraudulent purchases, theft of funds, phishing schemes, holding data for ransom, and exploiting sensitive data. The offenders are imaginative, resourceful, and always changing their tactics. Three common threats to the manufacturing industry that are constantly being exploited:

  1. Social engineering attacks. Attackers impersonate a high level figure in the organization, requesting funds be immediately transferred to bank accounts overseas. Or the attacker can pose as a low level employee, like a new hire, to gain access to portals, passwords, and data.
  2. Internet accessible portals. Any portal on the Internet creates an opportunity for an attacker to exploit, whether it be through brute forcing of logins / passwords of employees gathered from social media or bombarding the server with excessive requests that cause the site to deny service. Once an attacker gains access, the threat can come in the form of encrypting the data and holding it for ransom.
  3. Insider threat. This can be in the form of a disgruntled employee intentionally misusing access, or it can be by accident that an employee “welcomes in” an intruder. Often, this insider threat is the result of role creep, where an employee’s access is not changed when their functional role changes, resulting in the employee having access to far more data than is needed.

Digitalization and Internet of Things (IoT) technologies will likely increase the volume of assaults and casualties. Connected devices, online portals, and sharing of data between enterprises create risks. What can a manufacturer do? Are there safeguards that can be taken? Of course. There are experts who are legitimate, reliable experts. There are companies you can turn to for support and guidance. You can implement safeguards, back-ups, encryptions, passwords, and systems which have multiple layers of security and verification.

To battle against social engineering assaults, you can establish user education and training, continually reminding and testing users. Like schools that hold fire drills, you can drill appropriate responses to threats into your workforce, at all levels. You can require out-of-band verification and restrict access to portals based on location. Segment your network, so that if access is gained at one vulnerable point it doesn’t automatically mean the entire system is doomed. Also, you can require multiple authentication for privileged access and be attentive to making sure employees have the right access level for their roles.

You can make security a high priority – and that doesn’t mean assigning one poor person to fight the battle alone. The whole company needs to be educated about threats, how to identify an imposter, and how to be vigilant for attacks, watchful for breaches in security, and smart about protecting technology assets, including data. You can be smart about the issues, staying educated about trends and possible safeguards. You can voice your support of security research, federal action, and legal crackdowns on terrorists, of all types. You can vow to stay strong and stay successful, embracing technology, managing risks, and understanding your options, as well as your obligations to your workforce, colleagues and customers.

Subscribe to learn the latest in manufacturing.

Calendar & Events
Southeast Design – 2-Part Show
September 11 - 12, 2013
Greenville, SC
Mid-Atlantic Design – 2-Part Show
September 25 - 26, 2013
Phoenixville, PA
CMTS of Canada
September 30 - October 3, 2013
Mississauga, Canada
Wisconsin Manufacturing and Technology Show
October 8 - 10, 2013
Wisconsin State Fair Park Exposition Center Halls B&C
DISCOVER 2013
October 8 - 16, 2013
Florence, KY
WESTEC 2013
October 15 - 17, 2013
Los Angeles, CA
SOUTH-TEC
October 29 - 31, 2013
Greenville, SC
New England Design-2-Part Show
October 30 - 31, 2013
Marlborough, MA
DMG / Mori Seiki Manufacturing Days
November 12 - 15, 2013
Mori Seiki Manufacturing – Davis, CA
FABTECH
November 18 - 21, 2013
McCormick Place – Chicago, IL
Midwest Design-2-Part Show
November 20 - 21, 2013
Northern Kentucky Convention Center – Covington, KY
PCD Tool Manufacturing
November 20, 2013
United Grinding North America – Fredricksburg, VA