According to a 2022 report by the National Association of Manufacturers (NAM), ransomware attackers are increasingly targeting US manufacturers. Small and medium-sized manufacturers (SMMs) can no longer afford to ignore threats to the security of their systems and networks by neglecting to keep them updated.
We recommend the following steps to manage risks to your IT and Operational Technology (OT) networks:
- Initiate an assessment – Assess risks to your technology assets comprehensively by engaging a firm offering cybersecurity expertise or by hiring a Chief Information Security Officer (CISO). A comprehensive assessment should include processes such as server patching, enterprise systems and device upgrades, user authentication, user access management, data privacy, security testing as part of the software development lifecycle, malware detection and resolution, vendor assessment, and employee background checks. However, an assessment is of no use if action is not taken on the recommendations.
- Operationalize security updates – Patching of servers, devices, network appliances and applications, major upgrades of applications at least annually, and security testing as part of software development lifecycles should be operationalized. Such operational rigor goes a long way in protecting systems and networks from bad actors. To manage the risk of turnover in the IT operational staff, engage a managed service to keep systems and networks updated.
- Operationalize vendor assessments – Develop a standard questionnaire to assess the security practices of vendors offering software development and managed IT services.
- Separate IT and OT networks – As a best practice, IT and OT applications and devices should be in networks separated by a firewall. Segmenting the OT network depending on function further improves the resilience of business operations. This way, the likelihood of a contagion in one network affecting the other network is minimized.
- Educate your workforce – Social engineering is a major cause of cybersecurity incidents. Malware often arrives in the form of a legitimate-looking email. Passwords are stolen when a person with authorized access unwittingly reveals them to a bad actor posing as an employee desperate for help. Employees, executives, contractors, and managed services staff should be educated on safe digital practices and should report suspicious contact via email or phone.
Additional resources
- Read an article about segmentation as a key feature of industrial network design.
- Access the Digital Manufacturing Institute’s cybersecurity hub.