Kiteworks CISO Frank Balonis, a 20-year veteran of IT support and protecting manufacturing data, joins Smart Industry’s Scott Achelpohl as a follow-up to an April 22 article he wrote for SI in which he riffs off cyber threats that threaten the factory floor—both industrial OT and IT—and which methods of data intrusion require the most urgent action.
See also: Employees are your biggest cybersecurity threat
The proof is in numbers from Kiteworks: The average cost of a data breach in manufacturing has reached a staggering $4.47 million per occurrence. Much has been said about OT and IT defenses in manufacturing environments, which often are at the very least fragmented to combat the threat, so these companies are vulnerable to this kind of financial loss should they suffer an attack.
See also: Protecting OT data under persistent threat from ransomware
Frank discusses for how stealing private data is the objective for a majority of the malicious cyberattacks in manufacturing, with the latest Verizon Data Breach Investigations Report indicating private data is compromised 58% of the time in cyberattacks in the manufacturing sector.
Below is an excerpt from the podcast:
SI: In your article for Smart Industry in April, “Navigating red-alert security challenges in manufacturing,” you named five urgent cybersecurity action steps that manufacturing executives and their CSIOs and CIOs should take. They are 1) conduct cybersecurity assessments, 2) implement multi-factor authentication, 3) establish incident response plans, 4) educate and train employees, and 5) enhance supply chain security. Can you tell us what goes into each of these steps to make them successful?
FB: I sure can, Scott. First off, starting with conducting your first cybersecurity assessment, it can be a daunting task. So make sure you have the right understanding of the framework and its intent is in mind. These are crucial factors in doing your first assessment or doing an assessment. Seeking assistance from third parties that can provide guidance and understanding is a great way to start. They're invaluable in saving time and resources and completing the assessment in a timely fashion. It also helps you move on to the beginning stages of continuous monitoring improvements from that point on.
Podcast: Is manufacturing prepared for a super-complex energy grid?
For multifactor authentication, you need to start with a really good identity management system. These types of services allow for multiple forms of multiple-factor authentication and provide the flexibility needed not only for the individual and the service, but also the systems and the time they're being accessed. Having this flexibility makes things secure, but also easily accessible without interrupting work that has to be completed.
For your incident response plan, a good compliance and security program really helps prevent and protect your sensitive information infrastructure, but a great compliance program helps you for the eventuality of an event happening and the best way to respond to that event. So without a proper incident response plan in place, an incident that is known to happen, or be happening, but is not being addressed properly can increase the impact of that event and your ability to address it. That's why in every compliance program that I've ever been involved with or Kiteworks has worked through, you have to test and look to improve your incident response plan on a regular basis.
Podcast: Operations Leadership Summit updates
For educating and training your employees, as you mentioned earlier, the numbers are a good way to bring a conversation to the forefront and understand what's happening. Depending on what you're looking at, you can look at cyber events, 85 to 95% of them are caused by individuals, whether it's through a malicious attack with phishing or other related acts. So, educating these employees at the start and then on a regular basis will keep those principles of safe behavior at the forefront of their minds.
The proof is in the pudding. Every time we go through the process of doing our annual security training and awareness programs, I do see an increase in the number of reported possible phishing and scamming emails, highlighting that the end user and the employees are much more village and diligent at looking at these things. And actually, based on these facts over the last couple years, it’s become more apparent to Kiteworks and other organizations that maybe more frequent but smaller bits of awareness training and reminders are necessary. That is something that we're planning on doing, and I see a lot of other organizations doing as well.
Podcast: Cybersecurity landscape and SEC rules for 2024
So, the final thing would be good practices for your supply chain. Having all those four things in mind that I just discussed, to how you do things at home, so to speak, allows you to understand what best practices, not only for yourself, but also you can properly and better understand what you need to validate and understand with the supply chain, ensuring that they're doing at least as much as what you're doing in your compliance and your security to ensure that whether they're providing you services, storing your data or software, that they have a very comprehensive compliance and security program in place to ensure that your data and services are remaining secure and safe as well.
