John and Pete are back with Hayley and Kevin from MassMEP for another Cybersecurity podcast. This latest podcast is covering some of the hot topics of Synagex’s recent cybersecurity breakout sessions for manufacturers in MassMEP's extended network. In this post, we'll cover some of the main points discussed in the podcast, but if you have time to listen in—here's a link to the full show: massmep.org/podcast/ep-80-threat-actor/
"It's a beautiful day to talk cybersecurity"
For the third episode of MassMEP's Manufacturing Your Future Smart Manufacturing breakout room series, John and Pete of Synagex took the time to review the main points of their cybersecurity-focused sessions. As noted in the podcast, we used to talk about current happenings in the world of cybersecurity, but we are all quickly realizing that it doesn’t matter what is currently happening, this isn’t going away! In fact, it's becoming more personal—how many people have been affected by a cyber attack in some shape or form?
Cybersecurity, from a Risk Perspective.
The key point from Synagex's cybersecurity breakout sessions was the concept of approaching cybersecurity from a risk perspective. We like to use our risk rainbow—it's a way to make this complicated problem simpler. We understand that small businesses typically don't want to spend a ton of time on cybersecurity investments, because they're not directly revenue generating, so by looking at the risk rainbow—and seeing risk in layers—we start weighing cybersecurity risks and begin to identify where investments can be made to best secure each individual organization.
“If we are going to do right by our clients we are going to talk about the different ways in which threat actors are going to attack a certain business”- J. Sinopoli
A lot of IT companies sell tools to address problems, but to us it's more than that. We like to focus more on education, and educating the people within an organization—and even physical security. For example, a small dentist's office could have all of their most critical assets stored in an unlocked closet that everybody is putting their coats in… These are challenges that you wouldn’t naturally associate with cybersecurity, but if you look at this issue as a risk issue, and identify what’s important to the environment, it makes it simpler to see what things you should be thinking about and investing in to improve overall cybersecurity—the biggest bang for our buck. These strategic conversations are the most critical!
Cybersecurity Myths, Debunked.
Another key point we covered in our cybersecurity breakout sessions was common cybersecurity myths—the number one myth being organizations believing they are too small. For a long time that was a popular opinion, and it's not true! Threat actors are going after the small organizations too. It's just as easy, if not easier, to make money that way than by going after a multimillion-dollar company—and it adds up. Plus, small organizations don’t tend to look at their backup policies, and because of that they end up held hostage in order to get their critical data back.
Your Cybersecurity Questions Answered.
Here are the most common questions we get about cybersecurity:
Q: What are the most common ways that hackers attack networks?
A: It’s phishing. The personal aspect/people part is your #1 security risk. This is why we recommend that organizations always train staff to protect against this risk!
Q: How can we train employees to be more security-aware?
A: Be paranoid! AI and new technology are making things worse, making it even harder to know when someone is actually trying to compromise your security. Until we find better ways to deal with this tech and risk, we're going to have to be paranoid about what we're doing and how we are responding to email.
“We're in a place where these risks are much larger than technology alone can handle, so we have to be paranoid.”- J. Sinopoli
Q: Do you think it's important for companies to implement some kind of standard onboarding process involving cybersecurity?
A: Yes. It's something that is required when you are trying to reach CMMC or NIST 800-171 regulations, but it also must be ongoing. It's important to keep it relevant, and we actually use a company that sends out videos including subjects that are funny and things that really stand out to make you realize you need to be more vigilant about everything. Things are always evolving—threat actors aren’t always even people that know how to hack, and AI is increasing this ability even more.
Q: Where do we see cybersecurity on a priority scale to manufacturers?
A: In manufacturing, there is so much that can be affected by the risk. We work across a lot of entities, and different businesses use tech in different ways. The critical information is different in every industry. Manufacturing is moving towards Industry 4.0 and automation, and inevitably old machines are going to break down and need to be refreshed or upgraded to those with more technology in them. Introducing more technology always introduces more risk, so the investment in cybersecurity needs to increase with it. Our general feeling is that folks aren’t thinking about it enough!
Operational Technology (OT) is becoming much more integrated with IT, and the rate of increase of hacks and threats towards OT is just skyrocketing. The systems were not always connected to the internet, but now they are, and the number of known vulnerabilities in these devices and in IoT technology is just going up—typically in a year, you can identify 1000 - 1500 vulnerabilities in OT and this year, it has doubled. It's going up every single day.
“We are absolutely at a place now where if we're not thinking about investing in cybersecurity, we’re a little behind”-J. Sinopoli
Q: What is the largest sector of businesses that we work with?
A: The largest industry by volume that the team at Synagex works with is in manufacturing and DoD contracting. However, our largest clients are not necessarily in this sector. For example, we just started working with a concrete company with hundreds of employees, which is a great example of an organization that does have the same sort of risk tolerance that a DoD contractor might have—they might be ok with a little bit of cyber risk.
Manufacturing is where we feel most comfortable. We’re former bankers, and in banking the cybersecurity perspective has been there for decades—if your bank account was hacked and cash was extracted, that was something that was intolerable decades ago. We came out of this industry and were a little surprised when other folks weren’t as invested in cybersecurity. Of course, COVID brought about higher adoption of technology, and a prime time for threat actors to go after this risk.
A Cybersecurity Tip to End On.
Consider your password protection! We highly recommend not using the built-in password managers on your web browsers. Instead, try Dashlane, LastPass, Dropbox, etc. Using these tools is a much more powerful way to deal with password management, and definitely more effective than writing them down, saving them in a document on your computer, or again, clicking yes to save them in your browser!