According to Shahryar Shaghaghi, Head of International BDO Cybersecurity,
“All it takes is one weak link in the security chain for hackers to access and corrupt a product feature, an entire supply chain or a critical piece of infrastructure. The stakes are too high in the manufacturing industry for complacency or inattention. Security can no longer be considered an add-on to products and processes.”
Top 20 Risk Factors Facing Manufacturers
Cybersecurity isn’t just something we want to push on manufacturers. It’s something manufacturers are inherently concerned about themselves. Look at the table below for more insight.
In 2017, adherence to federal/state/local regulations is the second highest risk factor out of the top 20 cited by manufacturers. This includes cybersecurity regulations such as DFARS which is a federally-mandated regulation affecting manufacturers who engage in military contract work.
The 7th highest concern out of the top 20 risk factors is the threat of a cybersecurity breach. So, not only is cybersecurity something manufacturers are concerned about, but it’s being required by federal law in many cases. For a more in-depth analysis on these two risk factors, check out BDO’s full report here.
Unique Cybersecurity Challenges Facing Manufacturers
Manufacturers have their own unique challenges in terms of cybersecurity. They have SCADA systems, CNC machines plugged into the internal network, and control systems that run machinery and are also on the network. Other industries are mainly concerned with protecting workstations, servers, and network equipment. In manufacturing, there is a whole plethora of other devices that now need to be in-scope for security assessments.
Then there’s the threat to intellectual property. The FBI estimates that $400 billion worth of IP leaves the U.S. each year.
Even if a manufacturer doesn’t store medical data (HIPAA), or credit card data (PCI), the cost of downtime alone should be a reason to take a hard look at cybersecurity, particularly having a current, tested incident response plan in place.