IIoT natives poised to win on cybersecurity

By Ashley Hurst
Share
As industry 4.0 becomes a reality, businesses in the manufacturing, logistics and supply chain sectors are increasingly shifting to 5G enabled environme...

As industry 4.0 becomes a reality, businesses in the manufacturing, logistics and supply chain sectors are increasingly shifting to 5G enabled environments in response to pressure on price, scalability and efficiency.

As these shifts take hold, digital natives may have the advantage over larger companies when it comes to cybersecurity.

Due to their disparate and international nature, many of the traditional organisations in these sectors will be plagued by legacy systems leaving them vulnerable to cyberattacks. This is especially true if they have recently been involved in M&A activity. But digital-first companies are in a position to implement state-of-the-art security systems and procedures from the outset. 

Post GDPR, security-related complaints and data breach announcements have significantly increased and, as regulators prepare to increase their efforts, they will be inclined to concentrate the implementation of their enforcement on the areas where they can make the most impact. This includes calling out some high-profile corporates. Following on from the ICO's notice that it intends to fine British Airways and Marriott International, it is expected that the next 12 months will result in further significant fines as regulators complete their investigations into some high-profile recent attacks.

Getting cybersecurity right requires a combination of “appropriate technical and organisational measures”. This is the standard adopted by the GDPR (and a similar standard is used in the NIS Directive). There is no established definition of what this means from a technological point of view, but in practice it means having all the technical security defences in place that would be expected of the company in question. If a data breach occurs and security improvements are made after the event, regulators will ask whether those improvements should have been made before the incident.

SEE ALSO:

Cybersecurity is a fast-changing environment but having up to date hardware and software in place is crucial. This includes applying multi-factor authentication across the business to limit the risk of phishing attacks. If the IT team is gradually working through a long list of “patches”, they need to ask themselves how many of them pose a serious risk and whether they need to scale up resource to get through the list quicker.

From an organisational perspective, larger companies are often more set in their ways, and changing systems can be hampered by red tape and bureaucracy, which makes it harder to implement a culture of compliance. Creating paper, including glossy incident response plans, is not enough; companies need to have the key information, including who to call, at their fingertips and they need to practice their crisis drills around different scenarios, making sure that roles and responsibilities are understood as their people come and go.

Smaller, nimble players, who are more likely to be disruptive, are also likely to have a more tech-savvy workforce and be unburdened by complex flow diagrams and playbooks. They can quickly get the right people around the table to deal with issues as they arise.

In relation to both technical and organisational measures, both need to come under scrutiny during transformation projects. This includes digital transformation projects, reorganisations and M&A projects. It is obviously better to think about this in advance than treat it as a paper and compliance exercise that needs to follow the event to keep the board happy.

 

By Ashley Hurst, Partner and Head of Technology, Media and Communications at Osborne Clarke LLP

Share

Featured Articles

Kinaxis: The 'Customers' Choice' for Supply Chain Planning

Kinaxis has been recognised as a Customers’ Choice in the 2024 edition of Gartner’s ‘Voice of the Customer’ for Supply Chain Planning Solutions

Why Coupa has been Named a Supply Chain Leader by Forrester

Coupa has been named a Leader in The Forrester Wave: Collaborative Supply Networks, Q4 2024, demonstrating its prowess facilitating supplier collaboration

Trick or Treat: Inside the $11.6bn US Halloween Supply Chain

Supply Chain Digital discovers what spooky surprises lie in store for the supply chain and logistics professionals who make Halloween happen every year

Why Vanderlande has Agreed to Acquire Siemens Logistics

Logistics

Procurement & Supply Chain LIVE: Sustainability – The Agenda

Sustainability

Maersk & Danone: Partnering Towards Greener Logistics

Sustainability