Insights: Article

Is Your Manufacturing Business Running a Technology Debt?

September 06, 2018

Manufacturing and distribution is an industry built on momentum, but what happens when maintaining the necessary speed puts you at risk of grinding to a halt completely?

Manufacturing can often be a business of thin margins and shifting priorities. An area that often gets pushed down on the priority list is updating technology, mostly because systems are functioning properly so there appears to be no reason to update them.

The result of this decision is that there is an alarming number of manufacturing companies using old technology on their floors that makes them a prime target for hackers.

What’s Your ‘Technology Debt’?
Keep technology at the bottom of the priority list too long, and you end up with a “technology debt”—systems that are way behind on necessary security patches and updates, or worse, not supported with those updates at all.

“Manufacturing is behind the times when it comes to IT in general,” said Todd Neilson, Chief Technology Officer for cybersecurity and risk management firm Secuvant. “It’s not uncommon to see a Windows XP or Windows Server 2003 machine being used because it works. Security updates for XP ended in 2014 and in 2015 for Windows Server 2003.”

Technology that is no longer being supported with security patches are a magnet for cyberthieves, Neilson said, because hackers generally hit the lowest risk targets first.

Watching and Waiting
Many manufacturers may think that because this technology is often tied to machines on the floor, the threat is minimal. But as long as those machines are connected to a network, the threat is too big to ignore, said Anders Erickson, director of cybersecurity for Eide Bailly.

“Many manufacturers are unaware of just how much cyber risk they are carrying,” Erickson said. “Cyberthieves don’t announce their presence. They may sit in your system for months just monitoring to see what kind of sensitive information they can get. For example, they may wait to see how your organization handles wire transfers, who approves and who is in the chain. Then they’ll wait for the right time to act, get what they want and move on.”

These thieves will take anything with perceived value—IP data, customer data, credit card numbers. Some may even enact ransomware schemes or down floor machinery simply because they can.

Think Globally
You may think updating your technology is the solution, but that’s only a part of the puzzle in today’s cybersecurity landscape. Protecting your organization from a breach is more than just setting up a firewall. Cyberthieves are sophisticated, and it takes a comprehensive approach to ensure you are protected.

“You have to take a risk-based approach,” said Erickson. “Ensure you have the security policies and controls that focus on the greatest risk to your unique way of doing business.”

While more and more manufacturers are understanding this, there are still many who are behind in this critical area. In one recent survey, 40 percent of manufacturing cybersecurity professionals said they do not have a formal cybersecurity strategy nor do they follow standardized information security policy practices.

“That’s very typical,” said Neilson. “We find a majority of the businesses we talk to say they have a cybersecurity strategy, but they don’t understand what that strategy should actually encompass. They may think they are doing well because they have a firewall and anti-virus protection, or even people who are watching to react when they get hit. That’s not a strategy. They don’t consider things like disaster recovery, business continuity or crisis planning and incident response as portions of their cybersecurity strategy.

Everyone is struggling to put the controls in place to address current threats. You have to continually move forward with different options and controls to keep pace with today’s threats.”

Latest Insights

November 21, 2018
Each month, we strive to bring you the hacks, vulnerabilities and challenges of securing your daily habits and work environment. This brief is intended to help you make sense of the ever-changing world of cybersecurity so you can avoid similar…
September 24, 2018
In auto dealerships, showrooms, car lots and implement dealerships, there is a constant flurry of activity. One area that can easily get overlooked is cybersecurity.
September 12, 2018
Applications have made a huge impact on our lives, allowing us to keep track of the complexities of our day-to-day and save for our futures. But it’s important to understand where we are laying our trust.
September 10, 2018
Did you know a recent study found nearly 40 percent of manufacturers and distributors don’t have a cybersecurity plan? This is alarming for several reasons, and we’ve created this infographic to help show you just how critical a strong cybersecurity…
September 6, 2018
While cybersecurity should be top of mind for virtually any business today, many manufacturers don’t seem to take the threat seriously.
September 6, 2018
Developing a risk-based approach identifying the areas of most concern for your business will help your team understand that cybersecurity isn’t just an IT problem, it’s everyone’s concern.
August 14, 2018
Recorded Webinar
Service firms that handle client information have particular responsibilities to protect that information—protection that can be strengthened if the firm’s clients are protected as well. We’ll discuss particular protections required for different…
June 14, 2018
It is not to say that well run companies do not get breached, but all indicators lead to the conclusion that if certain things are done from the top down, the effects and cost of defending your company against data breaches, and recovering from a…
June 12, 2018
Recorded Webinar
While your company may be secure, can you say the same about your vendors? In this session we’ll discuss different techniques for performing appropriate due diligence, negotiating the right terms in your vendor agreements, and monitoring vendors for…
Find A Location