October is National Cybersecurity Month. During this month we recognize organizations and people that play an increasingly significant role in securing our interconnected world.
Many manufacturers believe that they are “too small” to be victims of cyber hackers or cybersecurity is too expensive or too difficult for them to address. Based on the growing number of cyber incidents occurring, small manufacturers and their customers now have more to lose than save. Remediating a cybersecurity event is extremely costly and threatens a company’s solvency and its employees’ future. Numerous studies have shown that the manufacturing sector is the second most targeted industry, after financial institutions, because the information they handle is extremely valuable.
Every business faces risk when operating online and needs to consider its cybersecurity status. Smaller entities, who are part of larger companies’ supply chains, are often prime targets who could, unknowingly, allow cybercriminals to access their clients, through their supply chain and payment portals. Consequently, there is no time left for manufacturers to delay having preventive measures, controls, policies, and procedures in place. This is not just a task or once and done event. Cyber security must be a core operating principle and protocols must be active within an organization 24/7/365.
Every connected device in a company is vulnerable to risks and offers another entry point for a cybercriminal to do damage to personal and professional assets. Key tactics are:
- Practice good cyber hygiene;
- Be aware of phishing emails. One innocent click on a seemingly harmless email attachment or “official looking” piece received, can start a surging series of undetectable activities percolating in the background of your systems;
- Report suspicious items to your IT support team; and
- Be extra cautious in your computing actions.
These tactics are the simplest first line defenses against ransomware invasion and other cyber incidents.
Many businesses have faced disasters or unplanned events and have come to realize their company’s Business Continuity Plan and Disaster Recovery Plan are not as effective as they need. Make sure these plans address cyber preparedness and countermeasures.**
Additionally, the Department of Defense (DoD) and aerospace industries have ramped up their focus on cybersecurity. They require manufacturers to take steps in protecting sensitive information in order to continue doing business throughout their supply chains. With current and future DoD contracts at risk, compliance is a strategic necessity that subcontractors cannot ignore. The Cybersecurity Maturity Model Certification (CMMC) certification requirement applies to prime contractors as well as subcontractors lower in the supply chain. Failure to be CMMC certified, or pass a CMMC audit, will result in companies being excluded from contract bids. Third party CMMC certification audits, like those obtained for ISO quality management systems, are scheduled to begin sometime in the next 18 months. Time is running out for manufacturers to understand and remediate their vulnerabilities and reach compliance.
Both the National Grid and NYSEG Manufacturing Productivity Grant programs support CMMC Gap Assessment and remediation plan projects delivered through Insyte Consulting. The comprehensive investigation and analysis of your readiness in the technical, physical, and administrative aspects of your business will give you the robust roadmap needed to significantly reduce your vulnerability in this sophisticated and progressively complicated digital age.