High-profile cyberattacks on government agencies and the financial services, retail, and entertainment industries garner more media attention, but companies in the manufacturing and distribution (M&D) sector are just as vulnerable to the loss, theft, or destruction of sensitive data. So it is incumbent on M&D businesses to put in place the same cybersecurity essentials that other vulnerable businesses implement, including:
Beyond these core elements, the challenges M&D companies face are specific to their industry. The following two topics – logging and monitoring the risk and addressing legacy system issues – are designed to assist technology and information security officers with identifying common vulnerabilities.
These are questions they should be asking themselves about their company’s current cybersecurity requirements, capabilities, and gaps.
SIEM systems are used widely to aggregate and correlate the numerous event logs that are integral to various technology systems, including networks, databases, servers, and individual applications. To be effective, a company’s SIEM system must be customized and tuned to integrate all layers of technology into the company’s unique system environment.
Beyond merely aggregating the information, however, the SIEM must also be configured to identify particularly sensitive data, as well as to apply intelligent analysis that recognizes specific event patterns that could indicate both basic and advanced types of attacks.
How do we manage security for legacy systems that are no longer supported?
Modern M&D organizations typically rely on a variety of highly specialized or customized production software applications that, over time, become outdated or are no longer supported by their original providers. Although running software past its support date is never recommended, a variety of business reasons might make it necessary to do so. Often, viable replacement applications are either unavailable or prohibitively expensive – yet retaining outdated software is a risky tactic that introduces the possibility of new vulnerabilities that cannot be patched or updated.
M&D management needs to identify such vulnerable legacy systems and implement compensating controls that can help bring the risk of these systems to an acceptable level.
Cybersecurity issues in the M&D industry are further explored in this IndustryWeek article, "Cybersecurity on the Factory Floor."
In accordance with applicable professional standards, some firm services may not be available to attest clients.
© 2018 Crowe Horwath LLP, an independent member of Crowe Horwath International.
As of June 1, 2016, the professionals of AbleBridge have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm. We continue our focus on Microsoft Dynamics® CRM (now Dynamics 365) sales and implementation as well as innovative add-on products.
The personnel of SDGblue have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm with a global risk consulting practice and offices around the world. This move provides SDGblue clients access to a broader range of products, services, and solutions, while expanding the Crowe cybersecurity risk management capabilities with a deeply specialized team.
Looking for the Client Login?
Access the SDGblue Client Portal
As of Oct. 30, 2017, the professionals of Rowbotham International have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm. We continue our focus on domestic and international tax and audit compliance services, as well as advisory services.
The personnel of Tru8 Solutions LLC have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm with a global risk consulting practice and offices around the world. This move provides Tru8 clients access to a broad range of products, services, and solutions, while deepening the Crowe GRC technology expertise to manage risk by better leveraging data and gaining more predictive insight.