Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Cyberattacks last year hit the makers of tires, steel, and wind turbines—and effectively anyone who needed them. Like your most enthusiastic friend on LinkedIn, manufacturing is connected.
After detecting a ransomware attack in February of last year, Bridgestone shut down manufacturing facilities across North America and disconnected dealers from some production tools.
A report from the industrial cybersecurity company Dragos found that over 70% of all 2022 ransomware attacks focused on manufacturing environments and impacted at least 437 manufacturing entities.
During a Tech Brew presentation titled “Today’s Biggest Questions in Cybersecurity,” a PepsiCo infosec specialist named Juan Carlos asked, “In 2023 and beyond, what do you see as the biggest, most prevalent cyberthreats for the manufacturing industry?”
IT Brew posed the same question to four additional IT professionals.
The responses have been edited for length and clarity.
Jason Stading, consulting manager, ISG: One of the issues in manufacturing environments is old legacy equipment. Make sure that you have the right plan to update and refresh those systems…You want to make sure you’ve got the right compensating controls. And that I think starts with good physical security, good identity and access management, and then, where possible, for anything going outbound…you want to make sure you’ve got the right data protection, security, encryption, data loss prevention, and data leak prevention.
Steve Wertheim, director of cybersecurity, MorganFranklin Consulting: People like to send files over email. It’s a major vector of cyberattack. If you’re not digitally signed, you cannot validate the person sending you that email is whom they claim to be. Way too often, it could be a spoof. And anytime they embed a hyperlink, or attach a file: That is a potential vector for cyberattack. It could be ransomware, it could be a Trojan horse, it could be anything.
Jason Rebholz, CISO, Corvus Insurance: I think manufacturing firms have done an okay job at looking at their OT environments and trying to secure them…What this really leads to is: What about all these other vendors that you’re working with that are feeding you the raw materials to make what you need to make? I see this as more of a convergence between the cybersecurity risks and the business risks: Are you validating the security of these third parties? And can you assess the relative risks there?
Johanna Baum, CEO and founder, S3 consulting: A lot of companies now are trying to put more procurement processes in place to say, “If we’re going to transact, if you’re an organization that’s partnered with us and supplying, you need to go through this vendor management and procurement approval process.” And it’s not a one-time thing. “We’re doing this periodically; you will be periodically audited. We want to see your audits, certifications, your SOC1, your SOC2…”—BH