This page contains a Flash digital edition of a book.
Page 18


ManageMent www.us-tech.com


New Thinking is Required to Protect Manufacturing Data


By Isaac Kohen, Founder and CEO, Teramind


are all examples of “crown jewel” da- ta that manufacturers must protect. In the brave new world of networked data, mobile devices and the Internet of Things (IoT), manufacturers need to shift their thinking to protect this critical information. Before the Internet, mobile de-


S


vices and cloud-based applications, manufacturing was disconnected and largely isolated. Control was much easier to be had when the perimeters were defined by the physical facility. Data security was never an issue, rather, the issues were of perform- ance, safety and reliability.


upplier information, customer data, processes and procedures, and intellectual property (IP)


Harder to Stay Safe As more systems are networked


together, their points of weakness multiply. Hackers don’t need to de- feat an entire system, they need only to exploit a single weak point, such as a software bug, poor password or a negligent or even malicious employee with security credentials. A few years ago, Foxconn was


breached by a hacktivist group that released employees’ login informa- tion. In 2017, the WannaCry ran- somware attack affected more than 200,000 systems in 150 countries around the world. While the malware was not explicitly designed to target industrial control systems, it man- aged to infiltrate them nonetheless.


The Verizon 2017 Data Breach


Investigation Report noted that most computer intrusions in the manufac- turing industry begin with a well- crafted spear-phishing e-mail. This message contains a malicious link or attachment that is sent to a company employee. In such cases, malware is installed after the attachment is opened, giving the attacker remote access to an internal computer. In 2016, social engineering and


malware-based cyber attacks com- bined accounted for 73 percent of da- ta breaches in the manufacturing sector. Cyber espionage is another drive behind many attacks. As Veri- zon stated in its report: “When you make stuff, there is always someone else who wants to make it better, or at least, cheaper. A great way to make something cheaper is to let someone else pay for all of the R&D and then simply steal their intellec- tual property.” A recent threat intelligence re-


drive in


CrimpCenter 36 S High Speed, Fully Automatic Crimping


Equipped with high precision technology, the CrimpCenter 36 S features a compact  possibilities allow for a variety of applications to be processed with cross sections from 0.13 to 6 mm² (26 - 10 AWG) for maximum productivity. The CrimpCenter 36 S has the most intuitive touchscreen interface for fast changeovers, making it ideal for low volume, high-mix jobs as well as larger production runs.


schleuniger-na.com/cc36s_us


port found that cyber attacks in- creased 24 percent globally during the second quarter of 2017, compared with the first three months of the year — with the manufacturing in- dustry being the most heavily target- ed. The report goes on to attribute the increase of attacks within manu- facturing to three factors: fierce com- petition in a sector where IP is at a premium; the fact that industrial control systems are often left un- guarded; and a lack of investment in cybersecurity, due to a focus on pro- ductivity and efficiency. Increased connectivity through


use of the IoT opens the door to addi- tional vulnerability as well. The report also highlights that 21 percent of man- ufacturers have suffered a loss of IP in cyberattacks, and more than 90 per- cent of the material stolen has been classified as secret or proprietary.


Taking Steps to Battle Threats The need to protect operations,


IP, and infrastructure assets, as well as customer and employee informa- tion requires a heavy focus on data security. The following are a few rec- ommendations to help protect data:


l Segment sensitive data from non- Employ a policy of least privilege


sensitive data. l


access to data can have it. l


to ensure that only those who need Ensure the security of IoT devices,


while ensuring the security of net- work computers and other hard- ware. This includes changing any default passwords and using strong password policies.


To Be Precise.


l Craft a policy that dictates what is allowed regarding use of mobile


devices to access network data. l


not if, a data breach occurs, a ready incident response plan is necessary to help in recovery and to mitigate cost and reputation damage.


Since it is likely a matter of when, l Vet the security programs of part-


ners in your supply chain, particu- larly those who have access to sensi- tive data, equipment, and IoT. En- gage with legal counsel to ensure that contracts with partners and vendors include language regarding data breach responsibility.


Hackers don’t need to defeat an entire system, they need only to exploit a single weak point.


l


Use monitoring software to track actions on sensitive data. This type of software can detect potentially suspicious behavior, such as employ- ees downloading data not relevant to their positions or an employee copying data to an external drive or sending it to his or her personal email account.


It will be hard to implement


these tactics without winning the support of leadership and employees. Leaders control the purse strings to implement data security plans, and employees are typically the weakest link in an organization’s security chain.


Many manufacturers do not


have extensive data classification policies, leaving the management with only a vague semblance of the cyber assets that need to be protect- ed. This shortcoming may make it difficult for senior leadership to sup- port strategies — and provide fund- ing —for needed cyber security steps, as it is not clear what needs to be protected. Security awareness education


should be a part of employee on- boarding, and regular security re- minders are required. Training should be as specific as possible, fo- cusing on the employees that have access to high-risk data and the is- sues and threats that are likely to oc- cur. Security education can also help employees identify signs of IP theft risk in coworkers. In this era of massive data gen-


eration and our reliance on instant access to it, taking the steps to secure IP and operations data is no longer a


luxury, but a necessity. Contact: Teramind, Inc., 37-24


24th Street, Suite 140, Long Island City, NY 11101 % 212-603-9617 E-mail: ikohen@teramind.co Web: www.teramind.co r


February, 2018


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96  |  Page 97  |  Page 98  |  Page 99  |  Page 100  |  Page 101  |  Page 102  |  Page 103  |  Page 104  |  Page 105  |  Page 106  |  Page 107  |  Page 108  |  Page 109  |  Page 110  |  Page 111  |  Page 112  |  Page 113  |  Page 114  |  Page 115  |  Page 116