When it comes to cyber security, there seems to be a disconnect between how prepared Canadian manufacturers think they are, and how well-equipped they actually are.
According to the PLANT Manufacturers' Outlook 2017 survey, almost half of the 526 respondents rate their concern of cyber threats at a "medium" level—and approximately 50% believe they would be prepared if they were attacked tomorrow. Yet, with only 27% having a formal cyber security strategy in place—and 17% admitting to have taken no steps on the cyber security front—it seems unlikely they are as secure as they think they are.
This is particularly disconcerting given the fact that many Canadian manufacturers are in fact small and medium sized businesses—with small and medium sized businesses now making up 99.7% of the economy, according to the Canadian Chamber of Commerce, and increasingly becoming a target of hackers. With generally fewer resources available to sustain any longer-term disruption to operations, plenty of valuable intellectual property on hand, and fewer resources available to invest in cyber defence, today's small-to-medium sized manufacturers are not only easy targets for criminals, but they can also provide hackers with easy entry points into larger, more lucrative, companies.
So while many executives surveyed may feel prepared for a phishing attack, data breach or data encryption event, fewer have taken steps to account for more prevalent, modern-day threats—such as a breach from a third-party vendor or a targeted external cyberattack. And although 60% have implemented a security infrastructure—and 51% have data privacy controls in place—there is still more these organizations can do to ensure their operations, data and intellectual property are truly protected.
A four-pronged approach
To effectively ward off today's advanced cyber criminals, manufacturers should take a proactive approach—one which involves four steps: prepare, protect, react and change.
Step 1: Prepare. The first step in improving your existing cyber security measures—or implementing a sound cyber security framework—involves taking stock of what you already have in place. This can include evaluating existing vulnerabilities, going over your information security strategy, as well as understanding your information assurance obligations. Now is the time to also examine your relationship with third parties and determine how they affect your vulnerability to cyberattacks.
Step 2: Protect. With this information in hand, you're ready to establish your cyber governance and controls. These can include determining the ideal processes for repairing system vulnerabilities, as well as identifying steps to better secure information stored in the cloud.
Step 3: React. While cyberattacks are becoming inevitable, organizations can still control the amount of damage they cause by reacting swiftly. To do this, you should have a detailed response protocol in place for everything from system data breaches to Trojans.
Step 4: Change. The previous three steps won't be worth much if your organization doesn't embrace cyber security. That's why it's essential to raise cyber risk awareness across your company and take steps to instil it within your organizational culture.
While it may seem like cyber criminals have no interest in "small fish" like small-to-medium manufacturers, increasingly in our experience the opposite is true. By putting strong cyber security measures in place, you're not only increasing your company's chances of making it through a cyberattack relatively unscathed, but you'll also be sending a strong message that you're not an easy target—forcing hackers to find their next unsuspecting victim elsewhere.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
