A majority of manufacturers either don’t perform annual penetration tests on their IT infrastructure or don’t know if the tests take place, according to a survey by professional services firm Sikich.
The tests are designed to actively seek out potential problems in a company’s infrastructure and attempt to breach the security that has been put in place. Brad Lutgen, Sikich partner for security and compliance, said many manufacturers aren’t even doing testing to find their vulnerabilities, much less attempting to penetrate them.
“There’s a large percentage of manufacturers who aren’t doing the basics when it comes to cybersecurity,” Lutgen said.
He noted that cybersecurity has traditionally been driven by compliance mandates, but high-profile attacks on retailers like Target and health insurance provider Anthem have led many businesses to take a more active role in monitoring their security.
Despite the potential for being a target of choice for overseas competitors, Lutgen said manufacturers have remained behind the curve when it comes to cybersecurity.
“In today’s ultra-competitive and global marketplace, it is important to remember that many international competitors are not playing by the same set of rules and ethics,” the Sikich survey report says. “These types of organizations can view cyberespionage as simply a common cost of doing business.”
Jim Wagner, Sikich partner-in-charge for manufacturing, said a cyberattack can be disruptive to a company’s process, but also could threaten the firm’s survival.
“It only takes one event to really damage a company,” he said, adding that he believes many companies don’t know the cost of protection.
Lutgen said vulnerability scanning at a basic level can be done for less than $1,000 per year and would cover about 80 percent of potential problems.
The Sikich survey included companies from across the country, but respondents were heavily concentrated in northern Illinois and Wisconsin.
The survey also found that 51 percent of manufacturers say improving customer service is the main factor driving their investments in technology. Reducing costs was listed as a top factor by 38 percent.
“That’s all the more reason to make sure your IT systems are secure,” Wagner said.