Cybersecurity Expert Answers Manufacturer Questions
Summary of our experiences at the Conférence des Enjeux Manufacturiers (CEM) organized by the STIQ on the 1st December 20222. Streamscan founder, Karim Ganame, was the expert invited on the panel Cybersecurity: Acknowledgement to its Application (Cybersécurité : de la prise de conscience à la mise en pratique).
Here are a few of the questions the public asked:
Question: How to secure your manufacturing environment?
The first step is to analyze the security risks of the IT and OT environment. The goal is to identify 5 main cybersecurity risks that can affect the company operations. The threat assessment factors are based on the company’s cyber incidents history rated by the impact on the business and the most frequent type of cyber incidents in that business sector. For example, manufacturers often encounter production line stoppage following a cyberattack, theft or exfiltration of their intellectual properties, etc.
Question: Are traditional security policies enough protection?
No. Ideally, you want to cover all sides!
The purpose of IT security policy (handbook, documentation) is to educate employees on the safe code of conduct. Installing traditional security softwares (anti-virus, firewall, etc.) you may reduce the probability of being hit by low-level cybersecurity threats. Nevertheless, these prevention measures can easily fail due to the human factor.
Cybersecurity technology implements continuous monitoring protocols. It’s an operational, reliable and precise cybersecurity solution that instantly detects anomalies thanks to its artificial intelligence (AI) which is also found in Streamscan’s CDS which goes beyond traditional security programs.
Cybersecurity technologies and 24/7 monitoring of your network is the key to completely secure your operations. You should always keep in mind that a cyberattack is a random operation meaning it can happen at any time. As soon as a system is connected to the Internet, it turns on the cyberhacker’s radar. No matter what, your business operation is always at risk.
Question: Ransomware: Can hacker be trusted?
Answer: Never! Call cybersecurity experts to negotiate for you!
If you decide to pay a ransom at the request of a hacker, keep in mind that the outcome is always uncertain. There is no guarantee that the hacker will honor their words. The hacker may give you the valid encryption key after the ransom is paid, or they may simply disappear. You may also receive a decryption key that doesn’t work. Not to mention the fact that paying a ransom also increases the risk of more cyber attacks.
The hacker is still a criminal! Even if they lead you to believe that they are friendly, it is just manipulation! You should never trust them!
The best solution is to prepare yourself to avoid having to negotiate with a hacker. Protect your network, educate users, monitor your network security 24/7 with high-tech features like Streamscan’s CDS!
Question: Are there any financing solutions for manufacturers to start cybersecurity initiatives?
Answer: Yes.
Prompt Innov: The Ministère de l'Économie, de l'Innovation et de l'Énergie
(MEI) and Prompt Innov have put in place a program that finances manufacturer’s cybersecurity initiatives, such as obtaining a cybersecurity certification required to commercialize a technology.
In-Sec-M: In-Sec-M's Cybersecurity Support Program for SMEs is a collaboration with the National Research Council of Canada's Industrial Research Assistance Program (NRC-IRAP) to promote the installation of cybersecurity measures subsidizing organizations up to 25 hours.
Aéro Montréal: For aerospace companies that are suppliers to the U.S. Department of Defense (DoD), it is required to have a cybersecurity certification called Cybersecurity Maturity Model Certification (CMMC). Aéro Montréal has put in place a program to support companies that need to be CMMC certified.