Taking the Cyberattack Target Off Manufacturers' Backs
Today there are two types of companies, the saying goes – those who have been hacked and those who don’t know they’ve been hacked. Unfortunately, many manufacturers fall into the latter category. Despite the constant news about the growing cyber threats in the manufacturing industry, many manufacturers, especially small- to mid-size companies, fall short when it comes to cybersecurity planning.
The importance of protecting the 188,000-plus small manufacturers cannot be overstated, says David Linger, President and CEO at TechSolve. Inc., a Cincinnati-based company dedicated to advancing manufacturers through technology. "These small firms are the backbone of manufacturing – the ninth largest economy in the world with over $2.1 trillion in value added."
Unfortunately, while many small to mid-sized manufacturers may think they are unlikely targets, the reality is quite different. "Cyber criminals are exploiting the information that manufacturers believe they’ve safely locked away," Linger testified in a statement before the United States House of Representatives Committee on Small Business last fall. "They have proven how private data, on any computer or manufacturing device that is connected to the internet, is vulnerable and susceptible to malicious attacks, tampering, theft and misuse."
In fact, according to the National Association of Manufacturers, about 98 percent of United States manufacturers are small businesses. And, according to The National Cyber Security Alliance, roughly 60 percent of small and mid-sized businesses that are hacked are forced to shut down within six months of the attack.
Bottom line: Cyber criminals are targeting manufacturers of all sizes. And the longer companies delay addressing their risks, the longer they leave their business and operations exposed.
The challenge: According to the results of a 2017 Ohio Manufacturing Extension Partnership (MEP) manufacturers’ survey, only 12.5 percent of the manufacturers who responded understand what cybersecurity is and have worked to protect their machines, intellectual property and IT system, and only 4 percent have undergone a cybersecurity assessment.
"Don’t ignore the risk," advises Daniel Glover, a certified ethical hacker and TechSolve’s Cybersecurity Program Manager. Glover leads TechSolve’s talented crew of manufacturing cybersecurity experts, skillfully trained to quantify manufacturers’ cyber risks and help them develop customized protection plans.
Reports released in 2018 by Symantec Corporation, NTT Security and Cisco Systems confirmed what TechSolve typically encounters when working with small manufacturers – the three biggest obstacles for small U.S. manufacturers adopting advanced security processes and technologies are budget restraints, competing priorities (focus on productivity and efficiency) and lack of knowledge regarding the invasiveness and impact of cyber attacks. This leads some manufacturers to take a calculated risk and delay cybersecurity remediation – a choice that can lead to a manufacturer’s loss of intellectual property (IP), creation of defective products and even the end of a family business.
In order to combat Ohio manufacturers’ budget restraints, lack of knowledge and competing priorities, TechSolve has collaborated with the Ohio MEP to make cybersecurity resources more accessible to small and mid-sized manufacturers. By deploying awareness campaigns regarding the Department of Defense’s Defense Acquisition Regulations System (DFARS), the National Institute of Standards and Technology’s (NIST) NIST 800-171, and the Automotive Industry Action Group’s cybersecurity guidelines – as well as DFARS’ Dec. 31, 2017 compliance deadline – TechSolve is on a mission to help manufacturers understand and address their cybersecurity.
What Ohio manufacturers may not know is that the "safe harbor" law that came with the August 2018 passage of Ohio Senate Bill 220 encourages businesses to voluntarily adopt one of the 11 industry-recognized cybersecurity frameworks on which businesses can base their security programs. The law provides a limited amount of protection from civil litigation if companies can document they have taken steps to safeguard information on their networks.
A trusted leader in the field that works directly with NIST MEP and maintains engagement in and access to the latest research and resources on cybersecurity, TechSolve leverages its 35-plus years’ experience serving manufacturers’ needs in the areas of machining, data extraction and manufacturing processes to guide companies through the sometimes daunting process of complying with these and other emerging industry standards.
The time is now for manufacturers of all sizes to take action to reduce their risk and own their cybersecurity.
TechSolve is located at 6705 Steger Drive, Cincinnati, OH 45237. For more information, call 513.948.2000, or visit www.techsolve.org