2021 Marcum National Manufacturing Survey

14

THE 2021 MARCUM NATIONAL MANUFACTURING SURVEY

TECHNOLOGY AND PROCESS IMPROVEMENT (continued)

I T P E N E T R AT I O N T E S T : R E V I EW O F CY B E R P R E PA R E D N E S S

by Drew Reusser | Marcum llp

Everyone is talking about cybersecurity — you cannot escape it. When you open a newspaper or magazine, or pull up your news feed, you instantly see a headline about a company getting hacked or falling victim to ransomware, or worse. You might think to yourself, “That is someone else’s company, we are secure. Who would want to target us?” The days of living in the shadows with relative anonymity are over. Everyone leaped at the chance to get online, and with 21st-century tools come 21st-century problems. The speed at which the security landscape changes is measured in hours, and resilience is the key to surviving today’s modern connected world. According to the 2021 Marcum Manufacturing Survey, 54% of respondents felt confident or very confident that their technology is protected against cyber threats. Forty- three percent said they were neutral and 3% said they felt panicked. That tells me that about half of the participating companies have looked at their cybersecurity readiness and feel it is adequate. The rest either know their status and know they are not in the best place or, more worryingly, don’t know their current cybersecurity readiness. One of the best ways to know your cybersecurity status is to have an IT professional perform a penetration test and/or a cyber-preparedness assessment. According to Marcum’s survey, 57% of respondents have performed a review/assessment in the last year, and 23% have done so in the last two years. Concerningly, 20% said they have not performed a review/assessment in the last five years or have never performed an external review/assessment. That 20% of companies are very exposed to threats.

In any manufacturing company, your four biggest systems are the accounting system, enterprise resource planning (ERP) system, email, and the voice system. In the survey, Marcum asked how long it had been since the last major ERP system update was performed. A respectable 43% said that it had been less than a year, while 31% said one to three years, and 26% said greater than three years. While some manufacturers come out with patches rather infrequently, some vendors release patches monthly. Not performing upgrades to your ERP system leaves one of your four most critical systems exposed to known, and possibly actively exploited vulnerabilities. As I mentioned in my opening paragraph, resilience and speed are key to not falling victim to the latest headline- grabbing hack. There are a few ways to increase resiliency and give yourself a fighting chance: Isolate your production systems from your back- office users and the internet. Use a modern spam and anti-malware email gateway to filter incoming/outgoing emails. Store good backups of your data and validate that they are solid on a regular basis. Implement good security awareness training, which helps educate your employees and contractors about cybersecurity and threats. Regularly review your policies and procedures to ensure they are up to date and meet the needs of the ever-changing security landscape. If you would like to know more about how Marcum can help you with these and other services, please visit: https://www.marcumllp.com/services/advisory/ technology-consulting/cybersecurity-digital-forensics/ cyberinspect X X X X X

Drew Reusser, Senior Manager – Cybersecurity Defense & Threat Management, Marcum LLP 949.236.5718