E-COMMERCE VS. MANUFACTURING CYBERSECURITY: WHAT YOU SHOULD KNOW
In the digital world, most of us are constantly immersed in protecting data while ensuring the smooth running of operations that have become increasingly complex in recent years, particularly for manufacturers and e-commerce leaders in the age of COVID-19. With concerns about maximizing cybersecurity compliance growing almost as quickly as consumer demand, we decided to take a deeper look at how data protection ties into e-commerce and manufacturing and what companies can do to remain competitive, compliant and trustworthy in the eyes of their customers.
To gain a better understanding, we looked to Bindu Sundaresan, director at AT&T Cybersecurity Consulting. With the firm for the past 12 years, Sundaresan and her organization offer planning and professional services to help customers in retail, healthcare, manufacturing, finance and more reduce cyber risks.
“You name the emerging technology irrespective of customer security maturity, we are there,” Sundaresan says. “We are starting to see some implications of rushed transformation efforts, putting companies at larger risk. They have to take stock of their altered risk profile as the threat surface grows and with the adoption of digital technologies in pursuit of new business models and enhanced customer experiences such as e-commerce in manufacturing.”
She adds that in the modern age, e-commerce is no longer the concern of retailers or e-tailers alone. In fact, e-commerce has transformed the way major industries conduct business, from manufacturing to B2B and even shippers.
“It’s a whole function, end-to-end in terms of when the ordering is placed to checking on what stocks are available, to shipping,” Sundaresan says. “This is all happening through front-end e-commerce websites. E-commerce in general is an attractive target for the malicious actor, because that’s where the money is.”
Data protection in the digital space requires a strategic and tedious process, two words some would never think to put in the same sentence when talking technology. For businesses to successfully protect consumer data and company data and maintain overall cybersecurity, all moving parts must be considered, starting with the basics. Sundaresan emphasizes that the fact that digital applications have been simplified does not ensure a successful launch of data-secured applications.
“Follow the data, think about every connection, think about the data flow, think about every connection you are making for every asset within your organization. Web application security must be taken seriously. Application Security 101 is how you should secure your third-party and open-source code because approximately 96 percent of apps today use borrowed code. Sure, it is a great way of standing an application up, making it run fast, and saving development time and resources. But at the same time, it will introduce vulnerabilities into your infrastructure.”
From their inception, web applications present competitive advantages, and significant vulnerabilities if not properly deployed. One must carefully consider the limitations and vulnerabilities of the tools selected to handle protected information in order to secure and operate them effectively.
“It’s not just about fraud protection or credit card data behind these applications,” Sundaresan notes. “It is about the denial-of-service attacks that can happen, making your website unavailable. It is not somebody stealing, it is somebody getting availability. It is about using your website and your brand to craft another webpage that looks exactly like your brand, and then do SQL injection on it. E-commerce websites now have sophisticated tools with shielding applications and technologies available. These are all affordable and easily consumable, eliminating the need to go in and actually change the code.”
Whether we realize it or not, almost all of us are using some type of e-commerce platform, IoT device or another form of digital technology enabling connectivity between us and the outside world of products and goods.
“Everyone cares about privacy, and this is a common thread across industry verticals,” Sundaresan explains. “We all use internally built applications, APIs and take payment information. Anyone that takes credit card information needs to comply with the PCI standard. It covers a lot of web applications and e-commerce security controls that are a must. Compliance is not the end goal, but it’s a great starting point for your framework.”
Looking at manufacturing, we see a different story unfold. Data protection measures are approached from a different angle, one that does not consider coverage for sensitive consumer payment information or personal identification. After all, many manufacturers do not deal directly with the consumer, yet they still need to secure digital transformation in the sector.
“As a manufacturer, you have to think about what the attack surface looks like and what the protection surface looks like,” Sundaresan warns. “It is critical for manufacturers to think of each new connection as a potential vulnerability to their attack surface. Gone are the days where manufacturers are going to look at just safety and well-being as the only priorities–security is now top of mind, and it should be.”
COVID-19 impacted and changed manufacturing, along with basically every other industry sector across the globe. Sundaresan highlights the changes sparked by the pandemic and how manufacturers are now prioritizing data security.
“COVID propelled smart manufacturing, showing us that security is more about risk and resilience rather than just providing a technological element to operations. We have enough tools out there, and it’s time to initiate the joining of forces and look at how data can be exploited because of unpatched systems in manufacturing.”
Over the past 12 years, Sundaresan and her team at AT&T Cybersecurity Consulting have learned that the adage “you’re only as strong as your weakest link” was more than relevant for the supply chain during the pandemic, challenging the notion that a company not focused on B2C operations is free from the risk of data breaches and threatened security.
“In the 20 years I have been working in the industry, there is not one thing that we don’t do at AT&T Cybersecurity. Some assume we might only do large projects or cater to those if they are connected to our network. That is not the case. In relation to the industry as a whole, an important takeaway is to remember that what manufacturing and healthcare are going through now, retail and finance went through this same thing about two, three years ago.”
To learn more about AT&T Cybersecurity and its diverse solutions portfolio, visit: https://cybersecurity.att.com/
Bindu’s experience, which spans more than 20 years, has been shaped by the opportunity to work with some of the world’s most innovative companies. She has worked with industry frameworks, including NIST/ISO/HITRUST, and regulatory requirements, including PCI, NERC, and HIPAA. Bindu has led dozens of cyber-risk engagements for Fortune 500 clients from strategy to technology implementation to breach response. She was tapped to lead a complex PCI and HIPAA compliance assessment for a leading global retailer, spearheaded a $1M security assessment, and worked on securing Criminal Justice Information Sharing Networks in NYC. Before AT&T, Bindu was a Senior Manager with Verisign. Before joining Verisign, she was a Senior Consultant with KPMG and a Senior Network Engineer. Her love for teaching and mentoring started with her role as an Adjunct Faculty with the State University of New York (SUNY).