Cyber Security Insights for the Building Products Industry

Published on April 13th, 2018

 

EXECUTIVE SUMMARY

Cyber security threats are a real and significant danger for building products manufacturers, but there are steps companies can take to protect themselves. Learn more about the reality of this type of threat, the impact of a cyber security breach on your business, and two different approaches that your organization can take to protect itself.

 

THE THREAT IS REAL

The rise of cyber security attacks has propelled names like Heartbleed, Spectre, and Meltdown into news headlines and subjected companies such as Equifax, Target, and Yahoo to unwanted scrutiny following cyber security breaches. No one wants to be “that company” that suffers an attack, yet many aren’t taking proper precautions to avoid being a victim.

If you think that your company is too small, that hackers wouldn’t target building products manufacturers, or that you’re not a target because you’re not in eCommerce, think again. It doesn’t matter how big you are, what industry you’re in, or how you do business. Most cyber security attacks are quite indiscriminate—viruses, malware, and crypto-ransomware infect computers and servers regardless of who you are because they’re simply looking for the path of least resistance.

The fact of the matter is that building products manufacturers are targeted by these threats. WTS Paradigm has seen a manufacturer’s unprotected server receive as many as 80,000 intrusion attempts in a single day from as many as 500 different IP addresses! If your computers, servers, or network have vulnerabilities, you can be sure that someone out there is likely trying to exploit them.

So now that we’ve established the reality of the threat, let’s talk about what a cyber security breach really means to your business in practical terms. To illustrate this point, let’s use the hypothetical example of a crypto-ransomware threat. Crypto-ransomware attacks are one of the fastest growing trends we’re seeing in the global marketplace. Once crypto-ransomware infects a computer or a network, it encrypts your data to extort money (typically in the form of cryptocurrency) from you. Even if you pay, there’s no guarantee that the criminals behind the ransomware will decrypt your data.

If you experience this type of security breach, you could potentially lose all your electronic records surrounding orders, inventory, production, shipping, etc. Best case scenario, you have hourly backups that you can lean on to minimize the amount of data lost. If you back up your data daily or weekly, you may be able to re-key information from hard copies, but that comes at a significant loss in terms of productivity. Worst case scenario, the data may simply be lost, never to be seen again.

In all scenarios, the cost to you is potentially threefold: lost business, the expense of recovery, and damage to your reputation. The actual dollars and cents cost will vary from incident to incident, but a recent study by the Ponemon Institute estimates the average cost to be $3.6 million. The takeaway here is that a threat of this magnitude is worth taking preventative measures to mitigate.

 

WHAT ARE YOUR OPTIONS?

In the complex and ever-changing world of cyber security, you really have two options for protecting your company: you can either do it yourself, or you can partner with a third-party company that offers hosting services.

 

BEST PRACTICES FOR DOING IT YOURSELF

If you choose to do it yourself, the best practice would be to have documented strategies and policies in place for each of the following areas, licensed solutions whenever possible, and staff in place to execute and manage all of it:

  • Leverage end-point protection suites (anti-virus, anti-malware, intrusion detection, etc.)
  • Stay current on your operating system and software patches (they’re routinely updated to address vulnerabilities)
  • Secure your network using restrictive firewalls (this prevents unauthorized access)
  • Use secure data transmission protocols (this prevents your data from being read during transmission)
  • Provide physical security around your data center (physical locks, video surveillance, etc.)
  • Utilize a systematic change management approach (test before you put things in production and have a good back-out strategy)
  • Back up your system and replicate your backups to alternate locations (full backups, differentials, and transaction logs all need to be protected to allow for point-in-time recovery in the event of a critical incident)
  • Plan for disaster recovery (we recommend moving your backups across the country so that if a regional catastrophe occurs, your data is still safe)
  • Monitor your system for service performance and availability (including detecting unusual or unauthorized activities)

While staffing needs will scale based on the size of the organization, we recommend, at a minimum, accounting for the following functional areas:

  • Database administration
  • Network security
  • Server/system administration

It’s also a best practice to have one or more members of your staff on-call to deal with incidents during off-hours and reduce the impact to your business. If you’re wondering what the DIY approach will cost you, a good ballpark figure for staff and licensing is $250,000 per year for a small organization. This can scale up into the millions of dollars for larger organizations.

 

THE EASY BUTTON: PARTNERING WITH A THIRD-PARTY PROVIDER

If the DIY approach seems too daunting or costly, then partnering with a third party may be the right fit for you. A reputable third party that specializes in hosting services can provide you with all the precautionary measures we shared in the DIY section above, potentially at a lower cost. In addition to cost benefits, using a third-party provider also means that you’re supported by a team of experts who specialize in data security. This can free up your IT staff to work on other projects, reduce your IT spend, and give you confidence that your data is secure.

 

ABOUT WTS PARADIGM

WTS Paradigm is a software and services solution provider that exclusively serves the building products industry. Our best-in-class hosting services enable customers to have peace of mind about their data security, often for a fraction of the cost of doing it themselves. We adhere to a strict set of policies and standards which encompass all the best practices mentioned in this article. Our portfolio of customers includes some of the world’s largest manufacturers and retailers, spanning North America, South America, Europe, and Asia.

 
