bigstock-computer-security-breach-75957572-300x200Mid-market manufacturers understand the importance of protecting intellectual property. They go to great lengths to protect their intellectual property, knowing their products and business practices are key to their success.

 

Yet, if you look at how businesses tend to approach manufacturing security, it’s a different story altogether. Outdated software, unpatched vulnerabilities and poor security culture make it easy for hackers to come in, take what they want, and sell your competitive advantage to an overseas competitor. Manufacturers need to understand and address the security threats they face immediately, or hackers and cyber-spies will force them to learn the hard way.

 

Why Manufacturers Don’t Get It

 

Hacking has been around for a long time, but it hasn’t affected all industries equally. Cyber criminals have gone where the money is, targeting banks, financial institutions, and retailers with stored credit card data. More recently, big healthcare and government databases have been targeted — and for good reason: these organizations store millions of personal records such as names and social security numbers, which can be sold on the black market.

 

The dangers posed by hackers, along with tough security and compliance laws like PCI and HIPAA, have led these industries to take security more seriously. The financial industry has only accounted for 9.2% of known data breaches in the last ten years, according to a recent TrendMicro report. Healthcare currently accounts for a whopping 27% of the last decade’s data breaches, though companies in the industry are starting to invest more heavily in security, so their numbers are likely to decline.

 

The manufacturing industry, on the other hand, hasn’t had any really sensational public breaches, and continues to underinvest in security. Likewise, companies often don’t disclose breaches, making it hard to see the full extent of the problem, but the numbers we do have are alarming enough.

 

A recent Symantec study shows that, in 2013, 23% of specifically targeted attacks were directed at the manufacturing industry — more than any industry. In 60% of cases, the attacks weren’t detected for months or even years, so there are probably many more that are unaccounted for. But with a shortage of qualified security and compliance personnel, and a lack of awareness in the industry, it’s likely many manufacturers will continue to lose valuable intellectual property to cyber thieves. Here are some of the biggest threats the industry faces:

 

1. Your System is Poorly Patched

 

Hollywood portrays hackers as misguided geniuses, breaking into high security systems with cutting edge attacks — but usually, they can just walk in through an open door.

 

According to Verizon’s 2015 Data Breach Investigation, 99.9% of 2014 hacks exploited vulnerabilities that had been known for at least a year, and over 70% of the time, patches were available that could have protected against the attacks.

 

Companies could improve IT compliance and security just by updating and patching their systems, but that’s not the whole story. Even when internal security is on the job, hackers are often faster. In 2014, nearly half of all Common Vulnerabilities and Exposures (CVEs) were exploited by hackers within two weeks of their discovery and publication. Installing patches isn’t enough; you need a security and compliance team that’s watching. All the time.

 

2. Cyber Spies are Targeting Your Data

 

The Verizon data makes it clear that hackers are targeting manufacturers’ intellectual property through methods that exploit lax security awareness. Although cyber-espionage only makes up 0.8% of known attacks, it accounts for 60% of attacks targeting manufacturing.

 

Making matters worse, routine online behavior can let the cyber spies in. 93.9% of cyber-espionage breaches come from clicking on an email attachment or link, or from an infected webpage. Keeping enterprise software up-to-date won’t protect you, because hackers are exploiting the computers your employees use to conduct business; even if you protect your computers, employees can still expose you to malware by using their own devices.

 

Without a strong security and compliance policy and a vigilant security team to monitor computer use, there’s no way to defeat this threat.

 

3. Your Control Systems Could be Wide Open for Sabotage

 

The electronics that control your factory floor are decades behind in security. According to Symantec, industrial control systems weren’t designed to be attached to the Internet — that’s what kept them secure. Unfortunately, manufacturers potentially expose them to malware every time they update software or download log files over a network or with a USB stick. That simple, innocent action is enough to expose your whole system to malware. Making matters worse, many plant operators make systems more vulnerable by permanently putting SCADA or PLC online.

 

It’s a recipe for disaster: if manufacturing companies aren’t prepared for attacks on their modern, sophisticated ERP software, imagine the vulnerabilities of their control systems, which were not designed with online threats in mind. While there have only been a few hacks that caused serious damage to plants, the threat is still very real — and very horrifying.

 

Likewise, with no IT compliance laws requiring disclosure, there are probably more we don’t know about. With businesses compiling and selling SCADA exploits, it may be only a matter of time before saboteurs start attacking the production line.

 

Why You need Symmetry

 

Manufacturing security is under attack, and no one is talking about it. Without the security and compliance laws that made banks start taking online crime seriously, it’s up to individual organizations to take the initiative. But just like there’s no one solution that will keep your business ahead of the competition, there’s no single fix that will make your security hacker-proof. In both cases, you need a dedicated team of professionals to give you the edge.

 

Symmetry partners with mid-market manufacturers to provide a managed private cloud with cutting edge cyber security services. We use a multi-layered approach, fortifying your systems and monitoring your network, so we can respond to hacking attempts before they can do damage. We can address all your IT compliance and infrastructure needs in one service, so you can focus on doing business, and let us worry about bugs and bad guys.

 

Our managed private cloud is the first step in defense. Our IT experts keep SAP® and other enterprise software patched, stable, and up-to-date, eliminating the vulnerabilities that most hackers exploit. With our Compliance as a Service offerings, we can secure your entire organization. Our IT compliance experts will audit your software and business practices for weakness, help your IT team create and implement security best practices, and set up firewalls and sophisticated monitoring tools to prevent future intrusions.

 

But it’s Symmetry’s ability to monitor your system on an ongoing basis that really separates us from the pack. We watch our clients’ networks and servers 24 hours a day, working with a counter threat unit which can respond to new exploits immediately. Our team can detect hackers when they’re scanning your system for vulnerabilities, stopping security breaches weeks or months before they can be launched. We’ll also monitor employee computers, preventing cyber-spies from hijacking browsers and using them to steal your intellectual property.

 

Stay Safe with Symmetry

 

Technology is an essential part of security, but it’s not enough alone. Unless you have an actual person watching, important signs might be missed. Our cyber security services combine cutting edge tech with an expert team, to quickly detect and neutralize threats.

 

When spotting suspicious network traffic quickly can mean the difference between taking a breakthrough product to market before the competition, and losing your edge to an overseas hacker, you need a security and compliance partner who can protect your investment. Symmetry can keep you safe in the cloud.

 

 

Photo Credit: © weerapat/Bigstock

About Scott Goolik - VP, Compliance and Security Services

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry tradeshows and ASUG events. His experience includes working for one of the Big Four accounting firms and developing auditing tools, including those for segregation of duties (SOD). Scott is also responsible for architecting the ControlPanelGRC® solution which provides audit automation and acceleration of security and control processes.