The manufacturing industry lags behind other industries in its adoption of best practices to protect itself against cyberattacks. Companies who fail to put appropriate IT security measures in place - many of which are preventative in nature - run the risk of falling prey to a cyberattack, which is occurring with greater frequency within the industry.
According to the Verizon 2015 Data Breach Investigations Report, 525 separate incidents of cyberattack, often in the form of cyber-espionage, were reported in the manufacturing segment. That number is more than double the 251 incidents reported in 2014. It only takes a single data breach to damage the trust you have developed with your customers and investors or to lose vital information about your own processes or proprietary information you have developed.
The manufacturing industry has been slower to protect itself than other industries, such as healthcare and financial services, because it has not been regulated when it comes to information security practices. The healthcare industry must abide by the rules of the Health Insurance Portability and Accountability Act (HIPAA). The financial services industry must abide by the Payment Card Industry Data Security Standards and the Graham-Leach-Bliley Act.
What is the subject of these cyberattacks in manufacturing?
The Federal Bureau of Investigation (FBI) estimates that hundreds of billions of dollars of US-based intellectual property is leaving the US through computer-based attacks each year. These attacks are often done in the name of competition, and in some instances, are perceived as standard business practice in other countries and cultures.
Why the spike in cyberattacks?
For any number of reasons, including the desire to steal ideas, proprietary processes, patents, designs, and formulas as well as an increasingly competitive global marketplace. Changes in the way we work make our networks more vulnerable, if preventative steps are not taken.
Research from Dell Computer reveals that changes in our work habits open the door to cyberattacks:
You want your people to have ready access to critical data, and they often need that access from their own devices. At the same time, your customers want to know that their data is safe, and your investors want to know that your network is secure.
Those who conduct cyberattacks generally look for the easiest, most vulnerable access point to your network, much like a home invader will look for an unlocked door or window. All of these reasons are the "why" you need to protect yourself as a manufacturer.
How to protect your business?
On an individual basis, take these measures:
You also have the ability to restrict mobility and cloud access in order to improve your data security.
On the company level, implement these steps if they are not already in place:
IT security must be seen as an ongoing process, not an annual event. If you approach this practice as an annual event, an attack could have occurred months before it is detected and comes at a very high cost. You could lose proprietary information, the identification of product locations (which opens the door to product theft), loss of inventory, and loss of market share. Each loss implies an increase in the ultimate cost of the product to consumers and raises the profile of cyber security in the consumer's mind. It is a vicious, costly circle.
It is true that none of these steps can guarantee that your company will never be the target of a cyberattack. But if implemented and monitored, you will have taken steps to make sure that such an attack will be more difficult and less likely to occur. Cybersecurity should become a priority across your manufacturing organization.
Questions? Contact your Berdon advisor or Matthew Jahrsdoerfer, CPA, Berdon LLP, New York Accountants
This article was first published in Client Alert 10.18.16