Article
Top 5 manufacturing and distribution cybersecurity risks
Jan. 11, 2023 · Authored by Brian Nichols
The manufacturing and distribution (M&D) industry has been facing an increase in cyberattacks in recent years.
These attacks have caused businesses to shut down for weeks while they recover in some instances, impacting customers, employees and suppliers. Unfortunately, many M&D business owners don’t know where to begin when assessing and improving their cybersecurity risk management.
In order to help our M&D clients, Baker Tilly has developed the following list of common issues impacting the industry as a starting point to improving your cybersecurity posture and readiness in case of a cyberattack. Implementing cybersecurity solutions for the manufacturing industry can significantly enhance protection against these threats.
Supply chain risk
Suppliers can introduce unknown risks to your business, whether directly or indirectly, which can lead to increased risk of impact from a cyberattack.
M&D businesses should develop a third-party risk assessment process to evaluate the security risk related to each specific supplier. This could be related to sharing customer data with that supplier and how they plan to protect that data, or it could be related to giving that supplier access to your systems and how they plan to protect that access and, in turn, your company’s data.
Additionally, if you are utilizing a third party for software, whether you deploy that software internally or it is hosted within their environment, you should be assessing the security of their software by requesting SOC reports or through your own internal vulnerability scanning processes.
Perimeter security
When enabling connections outside of your organization (e.g., internet-facing systems or applications), perimeter security becomes a top concern. Organizations should carefully consider how they enable connections to the internet, including the use of firewalls that include intrusion prevention systems (IPS). Additionally, organizations should lock down access to those systems and sites through federated access controls and enabling multifactor authentication (MFA).
During COVID, many organizations opened up their internal network to the internet so that employees had access to those systems from home. However, in enabling a remote workforce, many organizations did not properly secure the access to their internal network.
