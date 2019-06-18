Modernization Of Business Processes Has Created New Cyber Security Threat

By Kip Kirchberg





Technology has changed the way business is conducted and evolved in a way that makes business more profit, better customer service, created more consistent and repeatable business processes and ultimately reduced the human workload and risk of error. Small businesses are now able to leverage some of the same technologies that allow big business to thrive and be successful.

From servers to mobile devices technology has allowed small business to utilize technologies that enables them to be competitive in today’s market. Take a small accounting firm for example. At one point in time accountants relied on paper journals and human checks and balances to ensure accounting records were accurate. Today accounting firms have programs like Microsoft Great Plains, QuickBooks, and Peachtree accounting that leverage technologies that use computer algorithms to ensure accounting accuracy. Some of these programs are so user friendly that many small business owners leverage the software themselves and simply use accounting firms to validate their information.

Next we can look at a manufacturing facility. I remember touring a plant where my grandfather was a plant manager. His manufacturing facility made transmission gears and parts for the big three auto manufactures. I can remember watching the production employees follow set procedures that were required as part of the gear making process. None of these processes were automated and highly relied upon human interactions. Shop floor production employees were required to set furnace temps, monitor temp, and heat treat parts for a set amount of time before removing from the oven.

Step forward to today and the same type of gear and part manufacturing facility relies on automation to complete the manufacturing process. Humans are simply there to monitor the machines and ensure that no errors occur. The machines rely on PLC’s to monitor furnace temps, adjust furnace temps, and complete the manufacturing process to ensure a consistent and reliable heat treat process. Only possible with automation.

Now I understand the two examples with the accounting firm and gear manufacturing plant appear to be completely different business units. I can agree that yes these two businesses are different. However, both of these businesses have one thing in common. They rely on some type of automation system to conduct business. Without them the business would not exist.

In both cases the business described depends on email, file systems, accounting, CRM, and many other business processes systems that are vital to their very existence. What many businesses take for granted is the simple fact that these very systems need to stay up to date with current Operating Systems and patched with the latest OS and security updates. By not maintaining general pc or server hygiene your organization could fall victim to a cyber security attack.

There a few steps you can take to ensure your environment is protected and has a reduced cyber threat footprint. The first and most obvious step should be to make sure all machines are on supported OS’s , patched, and up to date with security practices. In some cases, we have to recognize that due to some business processes not all machines can be on the latest and greatest OS. Some of these legacy systems have helped run businesses for generations and simply run like a fine tuned machine. However, these same machines are like a sitting duck waiting to be discovered by a cyber-attacker who could take advantage of OS vulnerability’s and launch malicious attacks against your organization. As shown in recent news this could be a devastating hit that affects business for days, weeks, or even months.

If a business is shut down due to a cyber-attack this could affect the employees by putting them out of work during the outage, prevent product or services from being provided, and ultimately could result in the business shutting down.

At the end of the day it is up to each and every one of us to identify unsupported or unpatched systems living in our environment and develop strategies to protect out of date OS’s and unpatched systems from becoming a launching pad for future cyber-attacks. For machines that cannot be updated to the latest OS or patched it is highly recommended that these types of systems be isolated from the network, placed behind a firewall, and have no access to the internet.

The goal should be to ensure all systems patched and up to date. To be impactful it is recommended that these systems be patched at least quarterly. If you are unable to patch or update a system OS steps should be taken to ensure your digital safety.

As stated earlier we have not only evolved business process and dependencies but we must now evolve as a digitally dependent organizations and make cyber safety a priority.

If you or your organization has questions on how to audit, pen test, or mitigate potential cyber security issues please feel free to contact me for a consultation.

You can reach me at [email protected] or at 863-734-8060.

Kip Kirchberg

Cyber Security Specialists