Highlights from the April 20, 2022 webinar featuring Bruce Nelson, president, and Justin Krentz, account executive, of Vertilocity, an HBK Company.
Your information technology systems are a critical piece—and increasingly an interconnected piece—of your manufacturing infrastructure. Their effectiveness and security are key to your day-to-day operations as well as your plans for the days, months, and years ahead. “Top IT Considerations for Manufacturers in 2022” addresses ways to improve your IT processes, security posture, disaster recovery planning, and ERP.
Recognizing cyber threats
Manufacturing is a targeted industry by cyber attackers because they can see that the disruption of a breach can be devastating to a manufacturer and that the threshold for downtime for manufacturers is practically zero. Manufacturing jumped from eighth in 2019 on the most targeted industry list to second in 2021. And according to the IBM Security Index, it is currently the most targeted industry.
NIST cybersecurity framework
The NIST cybersecurity framework helps organizations manage and reduce cybersecurity risks through a set of cybersecurity activities. The core elements of the framework: identify, protect, detect, respond, and recover.
Cybersecurity Maturity Model Certification
CMMC Model 2.0: Three levels—foundational, advanced, and expert. The level required is currently based on the level of interaction with the Department of Defense, but requirements will be rolled out to the entire manufacturing industry.
Cybersecurity Infrastructure & Security Agency
The government agency whose purpose is to collect and analyze events from all industries. It works closely with all major publishers, such as Amazon, and are actively publishing industry-specific known threats and best practices. Takes a collective effort of software, hardware and cybersecurity firms to identify and publish threats and inform on different topics. Familiarize yourself with the website: www.cisa.gov
16 critical items for your organization’s security posture
• Ways to protect your organization from a cyber attack:
– security assessment
– span email
– passwords
– security awareness
– industry expertise
– advanced endpoint detection
– multi-factor authentication
– computer updates
– dark web research
– log management
– web gateway security
– response plan
– firewall
– encryption
– backup
How can a Managed Service Provider (MSP) help?
• IT security is an increasingly collaborative effort. There are too many elements, technology is too ingrained in every aspect of the organization, to make a third party vendor solely responsible. So the trend is a co-managed model.
• MSP services include:
– Monitoring & maintenance support: Are we managing this proactively; automated systems should be in place.
– Technical services: The people part of it: how are we supporting the teams responsible for cybersecurity activities?
– Executive reporting: How are we reporting to management to show that we can identify and detect? Might not have the expertise in-house or bandwidth to do this without external support.
– Network documentation: Document IT assets, site detail, and implement secure password management. Need to be sure these things are in place and up to date.
– Recurring business reviews: Hold weekly or bi-weekly meetings for ticket review and forecasting. Are unknowns planned for? Can we adapt to address them?
• Security services include: advanced threat protection, multi-factor authentication, dark web monitoring, enterprise mobility management, and disaster recovery planning
Elements in the general framework of disaster recovery planning:
– Implement full network discovery.
– Define recovery objections.
– Define applications, dependencies, and criticality.
– Obtain licensing information.
– Define physical location document call tree.
– Document insurance contact information.
– Test.
Hot topics we’re seeing related to Enterprise Resource Planning (ERP):
• Clients need to adapt and better align with partners. Focus used to be on getting data into systems, now it is how to get the data out, how to make it usable, how to get it from machines on the floor for better insights, how to plan better for supply chain deficiencies, and how to do more for less.
• Process and workflow automation: there is an abundance of tools to automate IT systems, and to integrate people and processes. Solutions include Microsoft Dynamics 365 and Sage Intact, as well as five or six other top-tier solutions to build your foundation off of.
• Elements of a power platform include:
– Power BI: putting data-driven insights into everyone’s hands
– Power Apps: custom apps that solve business challenges
– Power Automate: the ability to automate organizational processes
"*" indicates required fields