Occasionally cyber-security incidents make the news, but most go unreported. The numbers are staggering. The US Department of Homeland Security says US critical infrastructure experienced a 20% increase in cyber incidents in 2015 from the year before. Manufacturing was the most commonly attacked sector, representing 33% of all critical infrastructure cyber-security incidents. Manufacturing sites were attacked twice as often as the second-most attacked industry, energy.
Security experts says the most common approach to security—the IT equivalent of a single door with a strong lock—is a terrible idea. As cyber-security expert Kevin Mahaffey explained at the 2016 CeBIT Security conference in Hannover, the fortress of protection approach is not secure. “Big walls on the outside and nothing on the inside” is how he described it. Unfortunately, this is how many companies approach data security. But once that initial password screen is breached, the whole of manufacturing IT is there for the snooping or taking.
Size is irrelevant when it comes to cyber-security: Fortune 100 companies and small businesses are equally vulnerable and equally seen as targets. Cyber-security experts including Mahaffey counsel their clients to take a three-stage approach to protecting their intellectual property and their entire IT infrastructure.
Rule number one: Use strong and frequent update processes. Any time your software vendor issues a patch or an update, install it. There are usually security improvements even if the stated reason for the update is something else.
Rule number two: Build immunity, not protection. Mahaffey likes to teach this principle by using the human body as a metaphor for security systems. Skin is only the first layer of protection against disease. Every major body system has its own methods of dealing with infection. Your IT security should be achieved on a system by system basis. Don’t trust the external firewall because “absolute trust will be hacked absolutely,” to quote Mahaffey.
Rule number three: Isolation subsystems. Continuing with the body-as-IT metaphor, the most crucial system of all—the brain—has its own special layer of security, the blood-brain barrier. Commercial aviation is a good example of how to isolate subsystems; the in-flight Wi-Fi can’t communicate with the autopilot.
In most SMB engineering firms, security is a challenge. Proprietary engineering information is usually located in folders across the enterprise—sometimes even on users’ local hard drives—yet all that data needs to be easily and safely accessible by other departments. The solution is to use a document management with a secure vaulting system to protect files, ensuring proprietary engineering information is not at risk of being lost, misplaced, deleted or even stolen.
Synergis Adept helps build in the kind of protection the three rules above are describing. It provides secure, controlled access to documents from any location, it isolates access to engineering documents from unauthorized intrusion, and it utilizes smart vaulting to maintain native folder structure and file names without scrambling or moving files, a key for rebuilding a system that might still be breached despite best efforts. For more information on why Adept offers the best foundation for security click here.
Randall S. Newton is the principal analyst and managing director at Consilia Vektor, a consulting firm serving the engineering software industry. He has been directly involved in engineering software in a number of roles since 1985. More information is available at https://www.linkedin.com/in/randallnewton.