Now more than ever, manufacturing needs to guard against cybersecurity threats

Is improving cybersecurity at the top of your New Year's resolution list? Perhaps it should be.

According to "Cyber Risks in Advanced Manufacturing," a report from the consulting firm Deloitte and the industry association Manufacturers Alliance for Productivity and Innovation (MAPI), 39 percent of manufacturers that responded to a survey had experienced a cybersecurity breach in the past year. Additionally, nearly half of surveyed executives acknowledged that they were not fully confident that their organization's assets were protected from external threats.

The report, which is based on 35 interviews with industry executives and 225 responses to an online survey, looks at the current state of cybersecurity among manufacturers, emerging risks, and leading strategies for addressing cybersecurity.

The report argues that manufacturers are particularly vulnerable to cybersecurity threats because they are implementing new and emerging technologies, such as sensors, "smart" products, analytics, and the Internet of Things, at a pace that has never previously been seen. These technologies will create many new and complex security risks that manufacturers have not dealt with before.

Some of the study's suggestions for improving cybersecurity include:

• Create risk management strategies for enterprise systems and emerging technologies at the same time they are being deployed.
• Build a "cyber risk" team that goes beyond simply having a chief information security officer.
• Develop situational awareness and threat intelligence that identifies the top cyber risks to your organization and how you might be making yourself vulnerable to threats.
• Create a strategy for handling cybersecurity breaches that will help the company return to "business as usual" as quickly as possible.
• Implement monitoring mechanisms for high-risk networks, systems, and data that will alert you to abnormal activity.
• Perform a risk assessment that focuses not just on your enterprise systems but also on your industrial control systems and connected products. It is preferable to have an outside expert perform this assessment to ensure you are receiving unbiased advice that takes advantage of current cybersecurity best practices.
• Make sure that employees are aware of their responsibilities for helping to mitigate risks. This includes knowing how to guard against "phishing" (sending fraudulent emails that look like they are from reputable companies in an attempt to get the recipient to reveal personal information) and other forms of social engineering (using deception or manipulation to trick people into divulging confidential information), how to protect intellectual property and sensitive data, and how to report unusual activity or other areas of concern.

This well organized, 53-page report provides solid, clearly written advice that can be applied even to companies outside of manufacturing. Go to www.mapi.net/forecasts-data to download this and other MAPI reports.