How can manufacturers brace themselves for IoT-related risks?

The Internet of Things (IoT) is a game-changing opportunity for manufacturers seeking to maintain or bolster their competitive edge in today’s increasingly complex business landscape. No longer a glitzy buzzword, IoT, and the ability to connect products and people together, is a critical strategic opportunity for manufacturers. In fact, nearly two-thirds of manufacturers believe that applying IoT to their products will increase profitability over the next five years, according to the MPI Internet of Things Study, sponsored by BDO.

Paradoxically, though, one-third of manufacturers don’t have a plan in place to develop an IoT strategy for their processes and products. Moreover, nearly half–49 percent–are unsure or not confident in their ability to prevent a cybersecurity breach at their company, findings from the study exclusive to BDO revealed. Given that the costs associated with breaches are up more than 23 percent since 2013, according to data from the Panemon Institute, this preparedness gap could be exposing manufacturers to significant unforeseen costs. 

Before manufacturers can fully capitalize on the potential benefits of embracing IoT has to offer, they need to ensure their digital infrastructure is strong. The following are a few key first steps for manufacturers looking to proactively strengthen their security:

1.       Start by conducting a thorough evaluation of internal and external data vulnerabilities.

Among manufacturers’ most sensitive data assets are their IP and patents, and as they embrace a more connected enterprise, they must be mindful that greater access begets greater opportunity for hackers to infiltrate their systems. Identify and classify the company’s data assets, assigning a low-, medium- or high-risk rating so that the appropriate degree of protection can be applied to each.

Conducting a strong evaluation process requires taking into account the entire data life cycle from creation to disposal, implementing the proper controls, layers and value chains for different types of data to ensure thorough protection. Throughout this process, companies should ask:

·         Is the data at rest or in motion?

·         Where and how is the information stored? Who has access to it?

·         What potential threats exist that could expose the data’s vulnerabilities?

·         What are the potential consequences for the company if the information is stolen or hacked?

Analyst Mary Meeker’s annual Internet Trends report revealed that a large portion of breaches go undetected, with 70 percent reported to companies from outsiders. Of course, internal attacks can and do occur, whether unintentional or not. Thus, employee training and education is also critical in maintaining security from the inside out so that employees understand their part in keeping the company’s data infrastructure secure, as well as the potentially dire consequences of lax security practices.

2.       Address emerging risks associated with increased connectivity.

While an interconnected way of doing business opens the doors for innovation, manufacturers are finding themselves faced with heightened data-related risk within products themselves. Gartner forecasts that 6.5 billion Internet-connected “things” will be in use across the globe by the end of this year, a 30 percent jump from 2015. That breakneck pace is putting the pressure on manufacturers to consider pathways and protections for not only their own data, but also end users’ sensitive information that may be transmitted or housed by IoT-enabled products.

Consumer products will continue to account for the largest number of connected things, Gartner’s vice president predicts. The same proactive measures of identifying gaps and applying the appropriate degree of control applies to the sensitive data–both company and consumer–that lies within connected equipment and devices. It’s critical in today’s ultra-competitive manufacturing landscape that companies couple product innovation with an investment in internal controls and security precautions. That time investment in reaching the right mix of usability and security could delay a product’s market debut, but doing so could make for a longer lifespan and greater long-term profitability.

3.       Prepare and, more importantly, regularly test an incident response plan.

The ability to detect and manage a data breach in a timely manner is critical for manufacturers to protect not only their intellectual property, but sensitive customer and employee information. And while strong protective measures can certainly reduce the likelihood of an incident, no company is completely immune to data breaches, particularly manufacturers who are pushing full speed ahead toward integrating IoT into their products and processes. Nearly half of manufacturers (45 percent) do not have or are unsure if they have an information security policy in place addressing Internet-connected devices that are not used as a computing or communications platform, according to the MPI Internet of Things study, sponsored by BDO.

If a breach does occur, having a strong incident response plan already in place can cut down on reaction time, helping the company minimize damage and return to normal quickly. Any affected systems should be closed off in order to identify the root cause of the security breach. From there, companies should gather as much information as they can about what gaps and vulnerabilities contributed to the breach, how they were compromised and how they can be plugged to prevent against future incidents. From there, the plan should include protocols for reporting the incident to relevant parties, including regulatory bodies, customers and other key stakeholders. Perhaps most importantly, manufacturers should be sure to test and update their response plan regularly to ensure that it’s keeping pace with new and updated products and production processes.

The ability to swiftly react to a breach helps companies keep a security issue from escalating into an expensive and damaging debacle, protecting their reputation, competitive edge and, ultimately, their bottom lines. And doing so within an evolving marketplace characterized by an increasing emphasis on connectivity is only possible when the proper mix of proactive and reactive systems in place. 

BDO delivers assurance, tax, financial advisory, and consulting services to clients throughout the United States and around the globe. Learn more at www.BDO.com.