Webinar: Top IT Considerations for Manufacturers in 2022

Date April 20, 2022

Highlights from the April 20, 2022 webinar featuring Bruce Nelson, president, and Justin Krentz, account executive, of Vertilocity, an HBK Company.

Your information technology systems are a critical piece—and increasingly an interconnected piece—of your manufacturing infrastructure. Their effectiveness and security are key to your day-to-day operations as well as your plans for the days, months, and years ahead. “Top IT Considerations for Manufacturers in 2022” addresses ways to improve your IT processes, security posture, disaster recovery planning, and ERP.

Recognizing cyber threats

Cyber attackers target manufacturing because they can see that the disruption of a breach can be devastating to a manufacturer and that manufacturers' tolerance for downtime is practically zero. Manufacturing jumped from eighth in 2019 on the most targeted industry list to second in 2021. And according to the IBM Security Index, it is currently the most targeted industry.

  • Why? Primarily due to unpatched and outdated software. Many manufacturers are running antiquated systems and have for a number of years.
  • Manufacturing hasn’t had security measures legislated, so it’s up to the companies to do it.

NIST cybersecurity framework

    The NIST cybersecurity framework helps organizations manage and reduce cybersecurity risks through a set of cybersecurity activities. The core elements of the framework: identify, protect, detect, respond, and recover.

  • Identify: the processes and/or assets that need protection; the resources and critical data that need to be protected. Need to identify the critical elements, such as data stored for conducting processes, or product recipes. Manufacturers need to be responsible for this element.
  • Protect: develop and implement the appropriate protections to ensure critical infrastructure services. Once critical elements are identified, put a program in place to protect them. As you take on additional infrastructure, like new equipment, you have to manage and secure those devices.
  • Detect: be able to identify incidents. Develop an understanding of how to manage cybersecurity risks to systems, assets, data, and capabilities. Detection should be consistent with the risk management strategy and include a process for determining what happened, what it affected, and to whom to report it.
  • Respond: develop and implement appropriate activities to respond to a detected event. Support the ability to contain the impact of a potential event. Are assets prioritized correctly? Make sure there is a hierarchy and that someone is responsible for responding to an event. Do you have contact information on software providers and insurance companies? More events are generated from internal threats that you’re not aware of. You should have contingency plans for accessing email and other key business processes. Responding is a collaborative effort between the manufacturer and its business partners.
  • Recover: the ability to restore capabilities and services. Develop and implement the appropriate activities to maintain plans for resilience and restore capabilities or services that were impaired. Consider: if a device gets compromised, what effect does that have on your business? Empower those responsible for recovery; provide the support from leadership to be able to do and test these recovery processes. Consider the different requirements for restoring a file or a server or a cloud-type environment; think through what’s required and assign responsibilities.
Cybersecurity Maturity Model Certification

    CMMC Model 2.0: Three levels—foundational, advanced, and expert. The level required is currently based on the level of interaction with the Department of Defense, but requirements will be rolled out to the entire manufacturing industry.

    Cybersecurity and Infrastructure Security Agency

    The government agency whose purpose is to collect and analyze events from all industries. It works closely with all major publishers, such as Amazon, and is actively publishing industry-specific known threats and best practices. It takes a collective effort of software, hardware, and cybersecurity firms to identify and publish threats and inform on different topics. Familiarize yourself with the website: www.cisa.gov

    16 critical items for your organization’s security posture

    • Ways to protect your organization from a cyber attack:

    – security assessment

    – spam email

    – passwords

    – security awareness

    – industry expertise

    – advanced endpoint detection

    – multi-factor authentication

    – computer updates

    – dark web research

    – log management

    – web gateway security

    – response plan

    – firewall

    – encryption

    – backup

    How can a Managed Service Provider (MSP) help?

    • IT security is an increasingly collaborative effort. There are too many elements, and technology is too ingrained in every aspect of the organization, to make a third-party vendor solely responsible. So the trend is a co-managed model.

    • MSP services include:

    – Monitoring & maintenance support: Are we managing this proactively? Automated systems should be in place.

    – Technical services: The people part of it: how are we supporting the teams responsible for cybersecurity activities?

    – Executive reporting: How are we reporting to management to show that we can identify and detect? Might not have the expertise in-house or bandwidth to do this without external support.

    – Network documentation: Document IT assets, site detail, and implement secure password management. Need to be sure these things are in place and up to date.

    – Recurring business reviews: Hold weekly or bi-weekly meetings for ticket review and forecasting. Are unknowns planned for? Can we adapt to address them?

    • Security services include: advanced threat protection, multi-factor authentication, dark web monitoring, enterprise mobility management, and disaster recovery planning

    Elements in the general framework of disaster recovery planning:

    – Implement full network discovery.

    – Define recovery objectives.

    – Define applications, dependencies, and criticality.

    – Obtain licensing information.

    – Define physical location.

    – Document call tree.

    – Document insurance contact information.

    – Test.

    Hot topics we’re seeing related to Enterprise Resource Planning (ERP):

    • Clients need to adapt and better align with partners. The focus used to be on getting data into systems; now it is how to get the data out, how to make it usable, how to get it from machines on the floor for better insights, how to plan better for supply chain deficiencies, and how to do more for less.

    • Process and workflow automation: there is an abundance of tools to automate IT systems and to integrate people and processes. Solutions include Microsoft Dynamics 365 and Sage Intacct, as well as five or six other top-tier solutions to build your foundation on.

    • Elements of a power platform include:

    – Power BI: putting data-driven insights into everyone’s hands

    – Power Apps: custom apps that solve business challenges

    – Power Automate: the ability to automate organizational processes
