The manufacturing and distribution (M&D) industry has been facing an increase in cyberattacks in recent years.
These attacks have caused businesses to shut down for weeks while they recover in some instances, impacting customers, employees and suppliers. Unfortunately, many M&D business owners don’t know where to begin when assessing and improving their cybersecurity risk management.
In order to help our M&D clients, Baker Tilly has developed the following list of common issues impacting the M&D industry as a starting point to improving your cybersecurity posture and readiness in case of a cyberattack.
Suppliers can introduce unknown risks to your business, whether directly or indirectly, which can lead to increased risk of impact from a cyberattack.
M&D businesses should develop a third-party risk assessment process to evaluate the security risk related to each specific supplier. This could be related to sharing customer data with that supplier and how they plan to protect that data, or it could be related to giving that supplier access to your systems and how they plan to protect that access and, in turn, your company’s data.
Additionally, if you are utilizing a third party for software, whether you deploy that software internally or it is hosted within their environment, you should be assessing the security of their software by requesting SOC reports or through your own internal vulnerability scanning processes.
When enabling connections outside of your organization (e.g., internet-facing systems or applications), perimeter security becomes a top concern. Organizations should carefully consider how they enable connections to the internet, including the use of firewalls that include intrusion prevention systems (IPS). Additionally, organizations should lock down access to those systems and sites through federated access controls and enabling multifactor authentication (MFA).
During COVID, many organizations opened up their internal network to the internet so that employees had access to those systems from home. However, in enabling a remote workforce, many organizations did not properly secure the access to their internal network.
Remote access should be enabled through the use of a virtual private network (VPN) solution that integrates with your firewall, and MFA should be enabled on that VPN solution for added security. You should not allow employees to directly connect to their systems through Remote Desktop Protocol (RDP) directly over the internet from their home computers.
In the older days of manufacturing, production line services were manually operated and did not have the capabilities to be monitored or controlled over a network. However, as manufacturing equipment has matured, these capabilities have become standard on most equipment, increasing the cybersecurity threat to production lines.
Manufacturing organizations that utilize these new capabilities should assess the risks they may introduce into their business operations. Network-connected manufacturing equipment should be deployed on a segmented network that is protected through a firewall and cannot be directly accessed from the back-office corporate network. Machines that need internet access for monitoring or updates should be tightly controlled through firewall rules, only enabling the specific services and ports that these machines need to function.
Far too often, organizations don’t properly segment or protect these networks and pay the price when a cyberattack occurs, as business operations grind to a halt when production line employees can no longer access these machines to perform their job functions. Ransomware attacks specifically target these networks, as it typically makes the company more likely to pay in order to resume their business operations as quickly as possible.
"Hope for the best, but plan for the worst” is a saying that we have all heard. And that is exactly what organizations do when they develop a business continuity (BC) and disaster recovery (DR) plan.
The first thing an organization must do is identify its critical business functions and the supporting IT services and infrastructure responsible for those functions. Then it can assess the impact of those business functions being unavailable for a certain period of time. And finally, it can implement proactive measures to backup those systems for recovery if an incident occurs, or implement resiliency capabilities (such as uninterruptible power supplies, generators, redundant HVAC services, redundant internet services, etc.) to minimize the impact when a service is unavailable.
Backups are one of the greatest weapons against ransomware attacks; however, an organization needs to regularly test the restorability of its backups and maintain offline or immutable copies of those backups that will not be impacted during a ransomware attack.
IT operations is responsible for the day-to-day upkeep of the network, systems and applications required to keep a business operational. These activities include system hardening, controlling access to systems and applications, patch management, and many more. However, an organization should also evaluate the effectiveness of its IT operations team through the use of penetration testing and vulnerability scanning. These tests help identify improvement areas for the IT operations team and uncover risk areas that the business should mitigate.
For more information on this topic, or to learn how Baker Tilly specialists can help, please connect with our team.