Manufacturing is Risky Business

by Chris Talipsky 1. July 2016 09:26
Financial services, healthcare, and retail industry cybersecurity issues have been attracting the most headlines, but these are not the only industries facing significant cybersecurity attacks and breaches. In what may be a surprise to many people, manufacturing was the 2nd most targeted industry in 2015, according to IBM, behind only financial services. Indeed, as more manufacturing processes and infrastructure integrate technology, the more open they become to cyber attacks. And though manufacturing breaches may have flown under the radar for the general public, manufacturers are becoming increasingly aware of the looming cyber threat. In a recent manufacturing risk survey commissioned by BDO, 92% of manufacturers cite cybersecurity concerns, a 44% increase from 2013. According to Shahryar Shaghaghi, National Leader, Technology and Advisory Services at BDO, “all it takes is one weak link in the security chain for hackers to access and corrupt a product feature, an entire supply chain or a critical piece of infrastructure.” This vulnerability is illustrated by another finding of the survey: only 8% of manufacturers felt capable of preventing a breach. As a result, cyber risk management strategies are increasingly focused on response and resiliency, not just on prevention.

Preparedness is Key in Managing Crises

by Ken Urish 14. January 2016 12:35
Not if, but when. That is the approach companies should take toward breach response planning in our current cyber security environment. Risk managers must prepare as though a breach or data security crisis will occur in their company. Looking at past breaches of companies big and small provides perspective on the actions that have worked best for such organizations. There are steps that can be taken that will mitigate damage and manage reputational issues. Before delving into what companies should be doing, it’s important to stress what doesn’t work, and what companies should not be doing. Making the wrong moves, even early, can diminish trust from stakeholders and customers and set in motion further, possibly irreparable mistakes. One of the worst consequences of being unprepared is a lack of certainty about how to handle situations, and firms that aren’t prepared often shoot themselves in the foot through inaction. Part of that inaction is a hesitancy or delay in declaring the issue to stakeholders, clients, customers, etc. But a delay can cause distrust in those people that weren’t informed in a timely manner. Further inaction can cause issues to compound, which makes the situation even more difficult to deal with and to recover from. When any declaration or announcement is made regarding the situation, it should come from an informed place. Misrepresenting the facts or providing false information will only complicate issues further. Additionally, don’t make assumptions about what 3rd parties are or aren’t doing to ameliorate the issue. Take the information you have and do the right things. A well prepared company will be focused on business continuity, key stakeholders, and data management. In order to keep things moving in the midst of crisis, it’s important that you maintain stakeholders' trust during this time. That is why preparedness is such an issue. You should be fostering and developing relationships with your stakeholders, so that trust is already present. Even if the trust is there, don’t lose sight of the human element. The stakeholders are people, and their feelings are important to listen to and to consider. Making fast, critical decisions will also instill trust in your abilities and keep things moving. Very importantly, a lot of data related to your business and any that was directly involved in whatever caused the incident will need to be collected and reviewed by legislators, regulators, lawyers. Having the necessary data in place keeps the process moving and maintains a level of transparency for everyone involved. It also avoids negative legal and regulatory consequences. Obviously, to have the data readily available, means having a plan in place to track and monitor important data. As you can see, preparation is the biggest part of what to do versus what not to do. A company that is prepared to deal with a crisis is already ahead of the game and many missteps that would normally occur are naturally eliminated during a thorough planning process.