This column may scare you. There are parts that scare me.
The bad news first, from the IBM site:
“Security breaches are growing more common and more costly. According to IBM’s Cost of a Data Breach report [you can download it after you fill out a form], 83% of organizations have had more than one data breach, and the average breach costs USD $4.35 million. Cyber insurance can lessen the financial impact of these breaches, making it an important part of risk management for businesses today.”
In taking a quick personal inventory, have I ever been on the wrong end of a data breach? If that includes credit card services, yes. I don’t even remember how many times it happened, probably six or seven, and not all in this country. But I’ve never experienced data theft or any business cybercrime.
Do I know any companies who have had data theft? Yes. Outages? Yes. Uninvited network entries? Yes. Ransomware attacks? Yes. So, I am not comfortable.
As for the manufacturers reading this, you are in a very interesting situation. The promises of automation are real. Faster, less expensive, higher quality, more accurate are words to describe today’s manufacturing environment. Because we accept the advantages of automation, some Business Law of Entropy (yet to be defined) says that we must accept the disadvantages as well.
One of those disadvantages emerges from a connected environment. That has been the main thrust of Industry 4.0. Now we have data on the shop floor and the machines are connected. Data lives in many places—laser cutting machines, press brakes, shipping and receiving machines, warehouse scanners, and of course in the office and in the IT department. It introduces a vulnerability we did not have even 10 years ago.
Enough of the scary part—you might be asking “What can I do about it?” In years past, the answer was, “Nothing,” but now there are a few things you can do:
- Get started. Where? Find your vulnerabilities. This is a little more difficult than it sounds. It’s much easier to fix something that is already a problem. You find the problem and then you take actions. Vulnerability itself is about a future problem and it’s difficult to think of every possible nefarious scenario. Siemens will offer in July 2024 a software-as-a-service solution called SINEC Security Guard, one purpose of which is to find the production vulnerabilities in your network. Here’s our story about SINEC. It’s also in our May newsletter.
- Take the plunge. IBM has many service offerings that can help you use a holistic approach to cybersecurity. So do many of the large IT consulting firms. If you’re serious about shielding your company, you’ll find the right partner.
- Consider insurance. Yes, you can purchase insurance against cybercrime. Insurance companies protect against IP theft, customer data theft, product liability, and ransomware. If these sound like mega-corporation problems, they are, and they are the same potential problems as in your business. A note here is that new practice areas are opening that blur the lines between insurance and services. “Incident Response” is one such practice area.
One other thing: as we move from the connectivity world of Industry 4.0 and into the Fifth Wave world of shared applications, AI, and data collection tied to machine optimization become even more important. The ability to disrupt is magnified as we move from mere connectivity to omnipresent data and distributed applications.
Look everywhere. We don’t want to be in the sorry situation of the ancient farrier:
For want of a nail, the shoe was lost;
For want of the shoe, the horse was lost;
For want of the horse, the rider was lost;
For want of the rider, the battle was lost;
For want of the battle, the kingdom was lost;
And all from the want of a horseshoe nail.