High-profile cyberattacks on government agencies and the financial services, retail, and entertainment industries garner more media attention, but companies in the manufacturing and distribution (M&D) sector are just as vulnerable to the loss, theft, or destruction of sensitive data. So it is incumbent on M&D businesses to put in place the same cybersecurity essentials that other vulnerable businesses implement, including:
Beyond these core elements, the challenges M&D companies face are specific to their industry. The following two topics – logging and monitoring the risk and addressing legacy system issues – are designed to assist technology and information security officers with identifying common vulnerabilities.
These are questions they should be asking themselves about their company’s current cybersecurity requirements, capabilities, and gaps.
SIEM systems are used widely to aggregate and correlate the numerous event logs that are integral to various technology systems, including networks, databases, servers, and individual applications. To be effective, a company’s SIEM system must be customized and tuned to integrate all layers of technology into the company’s unique system environment.
Beyond merely aggregating the information, however, the SIEM must also be configured to identify particularly sensitive data, as well as to apply intelligent analysis that recognizes specific event patterns that could indicate both basic and advanced types of attacks.
How do we manage security for legacy systems that are no longer supported?
Modern M&D organizations typically rely on a variety of highly specialized or customized production software applications that, over time, become outdated or are no longer supported by their original providers. Although running software past its support date is never recommended, a variety of business reasons might make it necessary to do so. Often, viable replacement applications are either unavailable or prohibitively expensive – yet retaining outdated software is a risky tactic that introduces the possibility of new vulnerabilities that cannot be patched or updated.
M&D management needs to identify such vulnerable legacy systems and implement compensating controls that can help bring the risk of these systems to an acceptable level.
Cybersecurity issues in the M&D industry are further explored in this IndustryWeek article, "Cybersecurity on the Factory Floor."
In accordance with applicable professional standards, some firm services may not be available to attest clients.
© 2017 Crowe Horwath LLP, an independent member of Crowe Horwath International.
As of June 1, 2016, the professionals of AbleBridge have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm. We continue our focus on Microsoft Dynamics® CRM (now Dynamics 365) sales and implementation as well as innovative add-on products.