Overcoming Security Worries to Move Forward with Digitalization Tactics

Digitalization is the wave of the future, manufacturing analysts and media pundits tell us. The hype around the trend is reaching staggering levels. Yet, if you look deeper into the details, hunting for definitive deployment rates and percentages of companies that are actually working on digitalization projects, the picture is quite fuzzy. No one seems to know exactly what works, what doesn’t and what muddy quagmires of needless complications you should avoid at all costs. Opinions abound, of course. But who should a manufacturer trust? Do you know?

The answer is “no one.”

Do not place unconditional, blind trust in any one single expert, consultant, or self-appointed guru with the security of your data and digitalization systems. This advice may seem overly skeptical or even alarmist, but that is not the intention. It is simply a reminder to manufacturers to move with caution, care, and commitment to details. That includes doing ninja-level due diligence on researching platform architecture, system security, data storage protocols, back up plans, firewalls and safeguards, government mandates, legal ramifications, and risk analysis. Then on top of that, dot every “i”, cross every “t”, cross your fingers and some good karma wouldn’t hurt either. In other words, take the planning and set-up stage seriously. And accept that nothing is foolproof.

Can you let this lack of complete certainty paralyze you? Of course not, if you want to remain competitive. Managers and C-level executives in manufacturing face risk every day. Whether the risk comes in the guise of a pesky start-up that is underbidding work to steal your customers or in the form of lax enforcement of safety protocols on the shop floor, manufacturers are bombarded with dangerous situations on a regular basis – and they still survive. This level-headed approach is essential when weighing the risks of digitalization tactics. Sometimes, “stay calm and carry on,” is the best advice after all.

Some risks are more detrimental than others, though. This is why regulations are so varied and complex. This is why we expect the federal mandates around parts on passenger jets to be far different than mandates around the manufacture of simple toys. However, the mother of a child who might choke on a battery or be poisoned by lead paint will attest to the fact that even “simple” things shouldn’t be taken lightly. Security of data isn’t child’s play either. Even the fundamentals need scrutiny in a digitalization plan. Size can’t be considered a “free pass” either. Small manufacturers aren’t exempt from the possibility of falling into the cross hairs of a cyber attacker, nor is a huge company automatically protected by big budget tactics. Global giants boasting about their impenetrable safeguards may just be inviting attacks by high tech terrorists who want to claim they brought down the mighty defender.

Attackers can be those thrill seekers who have bragging rights and mischief as their goal. Or they can be highly skilled and organized predators with much more sophisticated schemes for disrupting business, stealing assets, and destroying trust. The FBI says malware (or botnets) has caused over $9 billion in losses to U.S. victims and over $110 billion in losses globally. Approximately 500 million computers are infected globally each year, translating into 18 victims per second. Cybercrime costs the United States more than $110 billion each year according to analysis by the Center for Strategic and International Studies (Washington, DC).

This emerging criminal industry – which didn’t even exist 25 years ago – has already grown larger than the illegal market for cocaine, heroin, marijuana, and methamphetamine. Cybercrime includes stolen identities, fraudulent purchases, theft of funds, phishing schemes, holding data for ransom, and exploiting sensitive data. The offenders are imaginative, resourceful, and always changing their tactics. Three common threats to the manufacturing industry that are constantly being exploited:

1. Social engineering attacks. Attackers impersonate a high level figure in the organization, requesting funds be immediately transferred to bank accounts overseas. Or the attacker can pose as a low level employee, like a new hire, to gain access to portals, passwords, and data.
2. Internet accessible portals. Any portal on the Internet creates an opportunity for an attacker to exploit, whether it be through brute forcing of logins / passwords of employees gathered from social media or bombarding the server with excessive requests that cause the site to deny service. Once an attacker gains access, the threat can come in the form of encrypting the data and holding it for ransom.
3. Insider threat. This can be in the form of a disgruntled employee intentionally misusing access, or it can be by accident that an employee “welcomes in” an intruder. Often, this insider threat is the result of role creep, where an employee’s access is not changed when their functional role changes, resulting in the employee having access to far more data than is needed.

Digitalization and Internet of Things (IoT) technologies will likely increase the volume of assaults and casualties. Connected devices, online portals, and sharing of data between enterprises create risks. What can a manufacturer do? Are there safeguards that can be taken? Of course. There are experts who are legitimate, reliable experts. There are companies you can turn to for support and guidance. You can implement safeguards, back-ups, encryptions, passwords, and systems which have multiple layers of security and verification.

To battle against social engineering assaults, you can establish user education and training, continually reminding and testing users. Like schools that hold fire drills, you can drill appropriate responses to threats into your workforce, at all levels. You can require out-of-band verification and restrict access to portals based on location. Segment your network, so that if access is gained at one vulnerable point it doesn’t automatically mean the entire system is doomed. Also, you can require multiple authentication for privileged access and be attentive to making sure employees have the right access level for their roles.

You can make security a high priority – and that doesn’t mean assigning one poor person to fight the battle alone. The whole company needs to be educated about threats, how to identify an imposter, and how to be vigilant for attacks, watchful for breaches in security, and smart about protecting technology assets, including data. You can be smart about the issues, staying educated about trends and possible safeguards. You can voice your support of security research, federal action, and legal crackdowns on terrorists, of all types. You can vow to stay strong and stay successful, embracing technology, managing risks, and understanding your options, as well as your obligations to your workforce, colleagues and customers.