By Rich Scott
World Economic Forum’s 2018 Regional Risks for Doing Business report ranked cyberattacks as the top threat to organizations in North America, Europe, and the East Asia and Pacific region.
Why? Because these are the areas where manufacturing and technological advancements flourish, making them a breeding ground for cybercriminals.
Industries like retail, healthcare, and financial institutions actually have typically invested in cybersecurity more than manufacturers, even though data breach news coverage may indicate otherwise.
However, for manufacturers, leaving yourself open to security vulnerabilities invites hackers to take advantage of weak points in your technology which, in many cases, wasn’t built to suppress today’s digital threats. Still, according to Deloitte’s cyber risk in advanced manufacturing study, one-third of manufacturers say their cybersecurity budgets have remained flat or decreased over the past three years.
Whether it’s to capture Intellectual Property (IP), Personally Identifiable Information (PII), or simply disrupt operations, hackers now have more attack angles, across more devices, than ever before. And, by exploiting a single vulnerability, they are able to move laterally across network infrastructure.
Smart Manufacturing, Criminals
The success of domestic and nation state cybercrime in recent years, particularly in the manufacturing space, can largely be attributed to an inability to secure the Internet of Things (IoT). Ironically, these emerging technologies, while advancing business and industry, have contributed to never-before-seen levels of data breaches. This goes hand-in-hand with the proliferation of smart manufacturing or Industry 4.0, as industrial manufacturing continues to inch closer toward enhancing the customer experience.
All manufacturing is shifting to digital. From supply chain to production, distribution, and analytics, systems are getting smarter and more interconnected every day. Each one of these touch points represents a potential threat, and many integrate their controls or reporting with mobile devices.
These devices range from control systems to the smartphones of personnel on the shop floor. And they’re often intentionally ignored by IT and Information Security professionals in favor of improving business performance rather than promoting mobile security. Yet, they present all of the same threats that an employee’s PC could – and then some.
Mobile Security Breaches
Regardless of the source of a breach, the consequences can be dire – especially for manufacturers. However, IT security professionals said mobile devices are the hardest enterprise asset to defend.
Here are some of the impacts a manufacturer can expect if they end up breached:
Financial Losses – The cost of a data breach averages $7.91 million in the U.S., and $3.86 million globally.
Lost Productivity – A breach can seriously disrupt or even halt production, leading to bottlenecks, production errors, and customer attrition.
Government Scrutiny – Investigations, fines, and lawsuits await companies who are breached – especially now that strict sanctions have been imposed through the SEC, GDRP, PIPEDA, and national agencies.
Identity Theft and Fraud – One in three victims of a data breach later go onto experience an identity crime. Those are your employees, customers, and partners, who will be looking to you to correct the damages.
Prepare for Mobile Threats
There’s no way to entirely prevent a data breach from occurring, and it’s next to impossible to properly institute a mobile security policy in light of Bring Your Own Device (BYOD). But, by doing nothing, you’re almost guaranteeing a breach will occur via a mobile device connected to your network.
Perhaps the most important angle to cover is education.
Employee negligence remains the primary cause of all data breaches. Every worker, at every level of the organization, should undergo training on how to properly secure their mobile device, how to identify suspicious emails or links, the importance of not connecting to public Wi-Fi, and who they should report an issue to immediately if they suspect something is wrong.
On the more technical site, IT and InfoSec teams should research software to help them better secure mobile devices at their facilities. For instance, rolling out Mobile Application Management (MAM) for their corporate applications is a good way to start. These require passwords to access work emails, calendars, or any other sensitive data transmitted across the network.
There are also mobile threat defense solutions that give IT teams a single-source view over all the mobile devices accessing their network. These tools detect any rogue applications, malware, or other threats that could pose a security risk, and alert administrators in real-time so they can take action before a breach happens.
Whatever your cybersecurity initiatives entail, be sure to allocate a portion of it to defending against mobile threats.
Rich Scott is chief commercial officer of EZShield + IdentityForce, a digital identity protection and cybersecurity solution provider.