MANUFACTURERS GUIDE TO CYBERSECURITY
For Small and Medium-Sized Manufacturers

Table of Contents
A Growing Threat to U.S. Manufacturing
Understanding the Risks to Your SMM Firm
Protecting Your SMM Firm
Identify
Protect
Detect
Respond
Recover
NIST Cybersecurity Framework Steps
If you're like most U.S. small and medium-sized manufacturers (SMMs), you rely heavily on information technology to conduct business. Day-to-day business operations like banking, payroll and purchasing are all conducted over the Internet. Machines on the shop floor are connected to networks and employees use mobile devices to access company information. Have you ever considered how vulnerable your SMM firm might be?

Hackers and cyber criminals are focusing their attention on SMMs just like you. Many larger manufacturers in the U.S. have been putting people, technology and money into protecting themselves from cybersecurity threats. These manufacturers have become more difficult targets for malicious attacks from hackers and cyber criminals. Because SMMs typically don't have the resources to invest in cybersecurity the way larger manufacturers can, many cyber criminals view them as soft targets.

You may not consider yourself a target, but your SMM firm may have money or information that can be valuable to a criminal. Your computer can be compromised and used to launch an attack on someone else (i.e., as part of a botnet), or your firm may provide access to more high-profile targets through your products, services or role in a supply chain.

It is important to note that criminals aren't always after profit. Some may attack your manufacturing company out of revenge (e.g., for firing them or somebody they know) or for the thrill of causing havoc. Similarly, not all events that affect security are caused by criminals. Environmental events such as fires or floods can severely damage computer systems.

A Growing Threat to U.S. Manufacturing
61% of small businesses have experienced a cyberattack in the past 12 months.

Common Types of Attacks and Breaches: Ransomware, SPAM, Identity Theft, Web Attacks, Spear Phishing
Source: 2017 State of Cybersecurity in Small

... then they run their anti-spyware software (e.g., 2:30 a.m.) and run a full system scan (e.g., 3:00 a.m.). This assumes that you have an always-on, high-speed connection to the Internet. Regardless of the actual times for the updates and scans, schedule them so that only one activity is taking place at any given time.

If your employees do any work from home using their own computers or personal devices, obtain copies of your business anti-malware software for those systems or require your employees to use anti-virus and anti-spyware software. You may want to consider using two different anti-virus solutions from different vendors. This can improve the chances a virus will be detected. Often, routers, firewalls and IDPSs will have some anti-virus capabilities, but these should not be exclusively relied upon to protect the network.

34% of all documented cyberattacks targeted manufacturers. Source: Global Threat Intelligence Center 2017 Q2 Threat Intelligence Report, NTT Security

Maintain and monitor logs
Protection/detection hardware or software (e.g., firewalls, anti-virus software) often has the capability of keeping a log of activity. Ensure this function is enabled; you may want to check the operating manual for instructions on how to do this. Logs can be used to identify suspicious activity and may be valuable in case of an investigation. Logs should be backed up and saved for at least a year and some types
of information may need to be stored for a minimum of six years. You may want to consider having a cybersecurity professional review the logs for any unusual or unwanted trends, such as heavy use of social media websites or an unusual number of viruses consistently found on a computer. These trends may indicate a more serious problem or signal the need for stronger protections.

RESPOND
The Respond Function helps contain or reduce the impact of an event.

Develop a plan for disasters and information security incidents
Develop a plan for what immediate actions you will take in case of a fire, medical emergency, burglary or natural disaster. The following section highlights elements that should be included in the plan.

- Roles and responsibilities. Who makes the decision to initiate recovery procedures and who will be the contact with appropriate law enforcement personnel.
- What to do with your information and information systems in case of an incident. This includes actions such as shutting down or locking computers, moving to a backup site and physically removing important documents.
- Who to call in case of an incident. This should include how and when to contact senior executives, emergency personnel, cybersecurity professionals, legal professionals, service providers or insurance providers. Be sure to include relevant contact information in the plan.
- Types of activities that constitute an information security incident. This should include activities such as your SMM firm's website being down for more than a certain length of time or evidence of information being stolen.
- When to notify appropriate authorities. If there is a possibility that any personal information, intellectual property or other sensitive information was stolen, you should contact your local police department to file a report. In addition, you may want to contact your local FBI office. Many states have "notification laws," requiring you to notify customers if there is a possibility any of their information was stolen, disclosed or otherwise lost. Make sure you know the laws for your local area and include relevant information in your plans.

You may want to consider developing procedures for each job role describing exactly what the employee in that role will be expected to do if there is an incident or emergency.

RECOVER
The Recover Function helps an organization resume normal operations after an event.

Make full backups of important business data/information
Conduct a full, encrypted backup of the data on each computer and mobile device used in your SMM firm at least once a month, shortly after a complete virus scan. Store these backups away from your office location in a protected place so that if something happens to your office, such as a fire, flood, tornado or theft, your data is safe. Save a copy of your encryption password or key in a secure location, separate from where your backups are stored. Backups will let you restore your data in case a computer breaks, an employee makes a mistake or a malicious program infects your system. Without data backups, you may have to recreate your business information manually (e.g., from paper records).

Data that you should back up includes, but is not limited to, word processing documents, electronic spreadsheets, databases, financial files, human resources files, accounts receivable/payable files, system logs and other information used in or generated by your SMM firm. Back up only your data, not the software applications themselves. You can easily store backups on removable media, such as an external USB hard drive, or online using a Cloud Service Provider (CSP). If you choose to store your data online, do your due diligence when selecting a CSP. It is recommended that you encrypt all data prior to storing it in the Cloud. If you use a hard drive, ensure it is large enough to hold all your monthly backups for a year. It is helpful to create a separate folder for each of your computers. When you connect the external disk to your computer to make your backups, copy your data into the appropriate designated folder. Test your backups immediately after generating them to ensure the backup was successful and you can restore the data if necessary.

Make improvements to processes, procedures and technologies
Regularly assess your processes, procedures and technology solutions according to your risks. Make corrections and improvements as necessary. You may want to consider conducting training or table-top exercises, which simulate or run through a major event scenario to identify potential weaknesses in your processes, procedures, technology or personnel readiness.
Make corrections as needed.

Make incremental backups of important business data/information
Conduct an automatic incremental or differential backup of each of your company's computers and mobile devices at least once a week. This type of backup only records any changes made since the last backup. In some cases, it may be prudent to conduct backups every day or every hour, depending on how much information is changed or generated in that time and the potential impact of losing that information. Many security software suites offer automated backup functions that will do this on a regular schedule for you. In general, the storage device should have enough capacity to hold data for 52 weekly backups, so its size should be about 52 times the amount of data that you have.

Consider cyber insurance
Cyber insurance is similar to other types of insurance, such as flood or fire insurance, that you may have for your SMM firm. Cyber insurance may help you respond to and recover from a security incident. In some cases, cyber insurance companies may also provide cybersecurity expertise and help you identify where you are vulnerable, what kinds of actions you need to take to protect your systems, and help you investigate an incident and report it to appropriate authorities. As you would with any type of insurance, perform due diligence when considering cyber insurance. Determine your risks before purchasing a policy. Research the company offering protection, the services they provide and the type of events they cover, and ensure that they have a good reputation and will be able to meet their contractual agreement.

Backups should be stored on: removable media, such as an external USB hard drive; a separate server that is isolated from the network; or online storage, such as via a CSP. Remember, this should be done for each of your computers and mobile devices. You may choose to store your backups in multiple locations (e.g., one in the office, one in a safety deposit box across town and one in the Cloud). This provides additional security in case one of the backups becomes destroyed.
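The monthly full backup, the weekly incremental backup (copying only what changed since the last backup), the one-folder-per-computer layout and the "test your backups immediately after generating them" step described above, as an added example that is not part of the guide. The backup drive path, computer name and sample files are constructed for the demo; the SHA-256 manifest is this example's own way of recording and checking each backup set, and encryption of the set is left to the backup tool or encrypted drive you use.

```python
import hashlib, shutil, tempfile
from pathlib import Path
from typing import Dict, List, Optional

def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def _manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 digest for every file under root."""
    return {str(p.relative_to(root)): _sha256(p) for p in root.rglob("*") if p.is_file()}

def backup(src: Path, dest_root: Path, computer: str, label: str,
           previous: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    """Copy src into dest_root/<computer>/<label> (one folder per computer).
    previous=None makes a full backup; otherwise only files whose hash differs
    from the previous manifest (changed since the last backup) are copied.
    Returns the manifest of src for the next incremental run to compare with."""
    current = _manifest(src)
    changed = {r: h for r, h in current.items() if previous is None or previous.get(r) != h}
    target = dest_root / computer / label
    target.mkdir(parents=True, exist_ok=True)
    for rel in changed:
        (target / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target / rel)
    # record what this set holds so a restore knows which files to expect
    (target / "MANIFEST.txt").write_text("".join(f"{h}  {r}\n" for r, h in sorted(changed.items())))
    return current

def verify(dest_root: Path, computer: str, label: str) -> List[str]:
    """Test the backup after writing it: re-hash each copy and return the
    relative names that are missing or do not match the manifest."""
    target = dest_root / computer / label
    rows = [ln.split("  ", 1) for ln in (target / "MANIFEST.txt").read_text().splitlines()]
    return [rel for digest, rel in rows
            if not (target / rel).is_file() or _sha256(target / rel) != digest]

def demo() -> dict:
    """Constructed data: full backup, one edited file, then an incremental."""
    work = Path(tempfile.mkdtemp())
    src, drive, pc = work / "pc", work / "usb-drive", "shop-pc-03"
    src.mkdir()
    (src / "orders.csv").write_text("order,qty\n1001,50\n")
    (src / "quotes.txt").write_text("quote for part A\n")
    full = backup(src, drive, pc, "full-2020-03")
    (src / "orders.csv").write_text("order,qty\n1001,50\n1002,20\n")  # a change
    backup(src, drive, pc, "incr-2020-03-w2", previous=full)
    incr = sorted(p.name for p in (drive / pc / "incr-2020-03-w2").iterdir())
    (drive / pc / "full-2020-03" / "quotes.txt").write_text("bit rot\n")  # bad media
    return {"incremental": incr, "full_bad": verify(drive, pc, "full-2020-03"),
            "incr_bad": verify(drive, pc, "incr-2020-03-w2")}
```

The incremental set contains only the edited orders file plus its manifest, and the verify step catches the damaged copy in the full set, which is exactly the failure an untested backup would hide until a restore.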
Periodically test your backed-up data to ensure that you can read it reliably. If you don't test your backups, you will have no grounds for confidence that you can use them in the event of a disaster or security incident. You may want to consider encrypting your backups. Many software applications will allow you to encrypt your backups. This provides an added layer of security and is important if your backups contain any sensitive personal or business information. Make sure to keep a copy of your encryption password or key in a secure location separate from where you keep your backups.

NIST Cybersecurity Framework Steps

1. Identify
- Identify and control who has access to business information
- Conduct background checks
- Require individual user accounts for each employee
- Create policies and procedures for cybersecurity

2. Protect
- Train employees and limit employee access to data
- Install surge protectors and uninterruptible power supplies
- Patch operating systems and applications routinely
- Secure wireless access points and networks
- Use encryption for sensitive information
- Dispose of old computers and media safely

3. Detect
- Install and update anti-virus, anti-spyware, and other anti-malware programs
- Maintain and monitor logs
- Note unusual password activity

4. Respond
- Develop and maintain a plan for disasters and cyber incidents
- Notify your customers and the authorities

5. Recover
- Make full backups of important business data and information
- Schedule incremental backups
- Improve processes, procedures, and technologies

THE MEP NATIONAL NETWORK
The MEP National Network is a unique public-private partnership that delivers comprehensive, proven solutions to U.S. manufacturers, fueling growth and advancing U.S. manufacturing.
WWW.NIST.GOV/MEP / MEP-NATIONAL-NETWORK.COM
100 Bureau Drive, Stop 4800, Gaithersburg, MD 20899
301.975.5020
patricia.toth@nist.gov