Modernization Of Business Processes Has Created New Cyber Security Threat
By Kip Kirchberg
From servers to mobile devices technology has allowed small business to utilize technologies that enables them to be competitive in today’s market. Take a small accounting firm for example. At one point in time accountants relied on paper journals and human checks and balances to ensure accounting records were accurate.
Today accounting firms have programs like Microsoft Great Plains, QuickBooks, and Peachtree accounting that leverage technologies that use computer algorithms to ensure accounting accuracy. Some of these programs are so user friendly that many small business owners leverage the software themselves and simply use accounting firms to validate their information.
Next we can look at a manufacturing facility. My grandfather was a plant manager for a manufacturing facility made transmission gears and parts for the big three auto manufactures. I can remember watching the production employees follow manual procedures that were required as part of the gear making process. None of these process were automated and highly relied upon human interactions. If they did not have the furnace at the right temp or heat treat for the right amount of time parts would fail inspection and be rejected. As you can imagine this the rejection rate was high and costs the company lost revenue.
Step forward to today and the same type of gear and part manufacturing facility relies on automation to complete the manufacturing process. Humans are simply there to monitor the machines and ensure that no errors occur. The machines rely on PLC’s to monitor furnace temps, adjust furnace temps, and complete the manufacturing process to ensure a consistent and reliable heat treat process while increasing over all company profitability. Only possible with automation.
Now I understand the two examples with the accounting firm and gear manufacturing plant appear to be completely different business units. I can agree that yes these two businesses are different. However, both of these businesses have one thing in common. They rely on some type of automation system to conduct business. Without them the business would not exist.
In both cases the business described depend on email, file systems, accounting, CRM, and many other business processes systems that are vital to their very existence. What many businesses take for granted is the simple fact that these very systems need to stay up to date with current Operating Systems and patched with the latest OS and security updates. By not maintaining general pc or server hygiene your organization could fall victim to a cyber-security attack.
Here a few steps you can take to ensure your environment is protected and has a reduced cyber threat footprint. The first and most obvious step should be to make sure all machines are on supported OS’s , patched, and up to date with security practices.
In some cases, we have to recognize that due to some business processes not all machines can be on the latest and greatest OS. Some of these legacy systems have helped run businesses for generations and simply run like a fine tuned machine. However, these same machines are like a sitting duck waiting to be discovered by a cyber-attacker who could take advantage of OS vulnerability’s and launch malicious attacks against your organization. As shown in recent news this could be a devastating hit that affects business for days, weeks, or even months.
If a business is shut down due to a cyber-attack this could affect employees by putting them out of work during the outage, prevent product or services from being provided, and ultimately could result in the business shutting down due to the financial loss caused by the cyber-attack outage.
At the end of the day it is up to each and every one of us to identify unsupported or unpatched systems living in our environment and develop strategies to protect out of date OS’s and unpatched systems from becoming a launching pad for cyber-attacks. Machines that cannot be updated to the latest OS or patched should be placed behind a Next Generation firewall and have no access to the internet.
The end goal for your organization should be to ensure all systems patched and up to date. To be impactful it is recommended that these systems be patched at least quarterly. If you are unable to patch or update a system OS steps should be taken to ensure your digital safety.
As stated earlier we have not only evolved business process and dependencies but we must now evolve as a digitally dependent organizations and make cyber safety a priority.
If you or your organization has questions on how to audit, pen test, or mitigate potential cyber security issues please feel free to contact me for a consultation.
You can reach me at [email protected] or at 863-734-8060