How to achieve IT peace of mind in a manufacturing company?
In 2021, 62% of Estonian companies encountered cyber threats, according to a recent study by Turu-uuringute AS. This means that the risk of falling victim to a cyber attack exists for virtually every company. Vahur Jõesalu, CEO of BRS Networks Baltic AS, which specializes in IT management for manufacturing and industrial companies, discusses how to achieve secure and reliable IT systems in the manufacturing industry.
There's been a lot of talk lately about IT security, hacking, and data theft. However, when discussing these issues with company leaders, the attitude towards cybersecurity is often lukewarm. It's a common belief that one's own data is not valuable to others, and that the company is therefore not a target for cyber attacks.
But what if your company's six months' worth of data disappears? Or as an individual, you lose several years' worth of family photos? While these may not be as important to others, what would you do if suddenly those data were gone? Such cases occur every day, even here in Estonia. Suddenly, a company may lose its sales and production data, drawings, and accounting information, and they become irretrievable or subject to a hefty ransom demand. This could mean starting from scratch or even closing down the company. Therefore, seemingly insignificant information to others becomes invaluable the moment you lose it or are deprived of it.
What can be done to prevent such incidents?
When discussing IT security, it's important to consider the entire IT management of the company from start to finish and take into account the three main components of information security:
- Confidentiality, which means that only authorized individuals should have access to the data.
- Integrity, which ensures that the data can be trusted and no one can maliciously alter them.
- Availability, meaning that the data should be accessible when needed.
While the first two components may not resonate with everyone, the third component, data availability, is likely important to every company. Whether your data is stored in the cloud or on your own server, it's crucial to recover them quickly in the event of an attack, without paying any ransom to the criminals.
Organizing IT according to an information security framework brings not only security but also reliability
There are numerous measures that can be implemented to enhance information security. However, depending on the company's size, needs, and data sensitivity, not all actions are always reasonable. If a company is unsure where to begin with improving information security, it's a good idea to rely on an information security framework.
There are several information security management frameworks in the world (such as ISO 27001, NIST), but some may have drawbacks: they are designed for very large enterprises and require dedicated personnel, which makes implementation time-consuming. If a company lacks such resources, a good alternative is the CIS Controls information security framework.
The CIS Controls framework provides easily understandable guidance on which measures to implement in order to achieve maximum protection against modern cyber threats as quickly as possible.
The advantage of CIS is that it is suitable for smaller companies as well. It is easy to start with and understand, providing clarity on the current state, what needs to be done, and the logical sequence of actions. The framework consists of easily implementable security measures divided into three groups:
- Group 1: Basic cybersecurity hygiene, which can be applied by all companies.
- Group 2: Measures for more complex organizations.
- Group 3: Measures for organizations with heightened security requirements.
The CIS information security framework provides practical, step-by-step guidance for securing IT systems. It is based on best practices selected and approved by the community of the nonprofit Center for Internet Security (CIS), which includes IT professionals from around the world.
Mappings have also been created that compare CIS security measures with other information security standards and frameworks, such as ISO 27001 or NIST. Therefore, CIS serves as a good foundation if a company ever wishes to pursue ISO certification in the future.
The implementation of CIS not only improves security but also enhances data availability or accessibility, as organized IT systems are more reliable. Well-thought-out processes also reduce any potential downtime because when all steps in the company are planned and followed according to developed processes, the chances of errors are minimized.
I have been involved in IT management for manufacturing companies for a long time, and I have observed an increasing demand from foreign partners for certain security processes to be in place, indicating the local manufacturer's IT security and capabilities. Business simply does not commence until the deficiencies are addressed. Rectifying such shortcomings takes time and money. However, if you have organized your entire IT infrastructure according to a well-known framework, it automatically increases trust in you and your business, simplifies compliance checks, and ensures faster order fulfillment.
Achieving cybersecurity is a journey, not a one-time activity.
Attaining a resilient level of information security against today's threats requires competent management. The skilled team at BRS Networks Baltic offers an assessment of your company's information security situation, development of an action plan, and, if desired, implementation of the plan along with ongoing advisory support to the management. They consider all crucial aspects of information security: availability, integrity, and confidentiality (the CIA triad). As a member of CIS SecureSuite, the company has access to tools that facilitate the smooth and swift implementation of the CIS information security framework.
Looking for peace of mind in IT matters? Get in touch.
The article was originally published in Tööstusuudised.ee.