04 March, 2022
ICG’s March webinar discussed cybersecurity strategies for manufacturers. You can view the full recording by visiting ICG’s Presentations page. Or, we’ve recapped the webinar here:
Cybersecurity is a multifaceted issue. There are many questions to be considered when thinking about this topic:
How well do you know your IT security?
Is your company’s cybersecurity reactive or proactive?
How does your security software stack up?
Are all your endpoint devices protected?
How is your data encrypted?
Do you have cybersecurity insurance?
.
There are many different types of threats. Understand the differences to ensure your business is adequately protected.
Threat Types
Direct breach: a targeted attack to hurt or extort your business. It can go unfound for quite some time. It is important to realize that this is different than ransomware.
Malware: an umbrella term for malicious software.
Phishing: the most common form of cybertheft. It involves collecting sensitive information. It takes advantage of a weak link — human users.
DDoS: when a server is intentionally overloaded until it shuts down your server or website. Hackers may do this to create a distraction to do something else.
Ransomware: infects your machine with malware and demands money in exchange for access. They may also threaten to publish private information if you don’t pay.
SQL injection attack: injecting malicious code into SQL to corrupt information or steal information.
APT (Advanced Persistent Threats): long-term targeted attacks planned months or years in advance. The goal is to occur at a weak point in the business operations.
Inside attack: when someone with admin privileges purposely misuses credentials to gain access to confidential info.
.
7 Layers of Security
After explaining the types of threats, we introduced the idea of the 7 Layers of Security:
Mission Critical Assets
Data Security
Application Security
Endpoint Security
Network Security
Perimeter Security
The Human Layer
.
Each organization is different depending on budget, acceptable level of risk, and compliance needs. However, basic security principles remain the same:
Training is absolutely critical at the human layer.
With the rise of work from home arrangements, the perimeter is wider. It is important to keep bad actors out of an ever-widening perimeter.
Understand your specific industry’s needs, particularly around regulatory compliance.
Minimum Security Plan Requirements
At minimum, ICG recommends the following be included in a security plan:
Develop a cross-functional security team that meets weekly
Purchase cybersecurity insurance
Secure the perimeter
Filter web content
Stay compliant (this includes operating systems, apps, and hardware)
Secure and monitor endpoint devices
Filter, archive, and backup email
Create a disaster recovery and backup strategy
Manage passwords through multi-factor authentication
Patch operating systems, devices, and applications
Train employees
.
Product Recommendations
ICG recommends the following key products:
Recommended firewall: Fortigate. This next generation firewall works at the application level. It has a zero trust policy – it assumes all assets have been compromised. They are treated that way until they are deemed safe. It can easily scale up or down depending on size and complexity. And it is easy to manage.
Recommended endpoint protection: Data Guard 365. This is an exceptional product at a very reasonable price. It is affordable for manufacturers and is industry specific.
Recommended products of backups and disaster recovery: Datto and Veeam. We recommend Datto for businesses with cloud operations. We recommend Veeam for businesses with virtualization.
.
Aside from that, ICG also recommends:
Arctic Wolf (SOC)
Duo (multifactor authentication)
Mimecast (email security)
Thycotic (access and password management)
Varonis (data protection)
.
ICG offers an unbiased and comprehensive look at your IT, focused on security. Contact your sales rep to learn more or to schedule a technology systems review.