Organizations that do not have a mature data loss prevention (DLP) program to address the physical, human and cyber threats that are unique to the manufacturing sector risk operational disruptions and production delays that might impact not only their reputation and brand, but also the United States (U.S.) economy and national security. Cyberattacks on manufacturing companies or their supply chains can bring the production of goods to a standstill. Further, with the increased use of digital 3D modeling, manufacturing companies are also exposed to risks associated with the loss or theft of computer-aided design (CAD) files.
One of the biggest risks to companies operating within the manufacturing space is industrial espionage. This occurs when business trade secrets are obtained through illegal or unethical means for use by a competitor, for the purpose of achieving a competitive advantage in the market. In this blog, I will discuss three capabilities that manufacturing companies should consider when evaluating technology that will prevent data leakage or minimize the risk of a data breach by a malicious actor.
Identify Sensitive Data Anywhere and Everywhere
DLP solutions help mitigate the risks associated with data loss due to insider-related incidents such as employee error (e.g., unintentional file deletion or the unintentional sharing of sensitive data in an email), and data breaches due to malicious attacks. A good DLP tool helps companies identify sensitive data, manage insider threats, understand their regulatory compliance requirements for all data types, and ultimately protect sensitive data (e.g., intellectual property, sensitive customer data, employee data, etc.) from leakage or theft.
Like other large sectors of the U.S. economy, businesses operating within the manufacturing sector (e.g., automotive technology production, chemical and petrochemical manufacturing, food and beverage production, pharmaceutical manufacturing, etc.) face challenges associated with securing data processed by a fully remote and hybrid workforce, as well as challenges resulting from the fact that data no longer lives within a network perimeter, but rather everywhere and anywhere. As a result, companies will benefit from a DLP solution that is capable of identifying all types of sensitive data, regardless of where it is located. Similarly, because manufacturing companies use both structured and unstructured data, it’s important that the solution have the capability to identify all types of data, regardless of format.
Identifying sensitive data and classifying the data according to its value and the risk to the organization if it is leaked unintentionally or accessed by malicious actors are essential capabilities for a mature DLP program. Properly classifying data not only enables the organization to set policies for each data type, but also supports regulatory compliance requirements and incident response activities.
DLP Policies and Policy Violations
DLP policies describe what happens when a user uses sensitive data in a way that the policy does not allow. Policies are important to control data storage, file transfer and sharing, as well as what activity is permissible on employee endpoints. For example, when a user attempts to print a document containing sensitive data to a home printer, the DLP policy might display a message stating that printing the document to a home printer violates the policy and is not permissible. How does the DLP tool know that the document includes sensitive data? Content inspection techniques and contextual analysis help identify sensitive data.
The inspection capability of the DLP solution is very important. Traditional DLP solutions focus on data-specific content inspection methods. These methods are no longer effective for organizations that have migrated to the cloud because the techniques were developed for on-premises environments. Traditional DLP relies heavily on content analysis and does not always accurately identify sensitive data; sometimes traditional tools block normal activity. In contrast, a modern DLP solution minimizes false positives by combining content analysis and data lineage capabilities to more accurately understand whether the data is in fact sensitive.
In fact, Gartner recommends investing in a DLP solution that not only provides content inspection capabilities but also offers extra features such as data lineage for visibility and classification, user and entity behavior analytics (UEBA), and rich context for incident response. UEBA is useful for insider-related incidents (e.g., UEBA might help identify data exfiltration by a dissatisfied employee).
Actions in Response to Policy Violations
A DLP solution should be capable of performing actions such as sending out alerts for DLP policy violations, warnings using pop-up messages, quarantining data and blocking data entirely. Organizations should be able to define their policies based on their security policy, standards, controls and procedures.
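The following added example (not from the original post or from any DLP product) models how combining content inspection with data lineage and destination context changes the response action compared with content analysis alone. The patterns, origin labels, destination names and sample events are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed patterns and labels; a real deployment defines its own.
PATTERNS = {
    "ssn_like": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "ip_marking": re.compile(r"\b(?:PROPRIETARY|TRADE SECRET)\b", re.I),
}
SENSITIVE_ORIGINS = {"plm-vault", "hr-share"}  # lineage: where the data came from
EXTERNAL_DESTINATIONS = {"home_printer", "personal_email", "usb"}  # context

@dataclass
class Event:
    user: str
    content: str
    origin: str
    destination: str

def content_hits(text):
    """Content inspection: names of the patterns that match."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(text))

def content_only(event):
    """Content analysis alone: any match on an outbound event is blocked."""
    outbound = event.destination in EXTERNAL_DESTINATIONS
    return "block" if outbound and content_hits(event.content) else "allow"

def evaluate(event):
    """Content + lineage + context, mapped to a response action."""
    if event.destination not in EXTERNAL_DESTINATIONS:
        return "allow"
    hits = content_hits(event.content)
    sensitive_origin = event.origin in SENSITIVE_ORIGINS
    if hits and sensitive_origin:
        return "block"        # both signals agree
    if sensitive_origin:
        return "quarantine"   # e.g. binary CAD export with no text to match
    if hits:
        return "warn"         # pattern match only: likely false positive
    return "allow"

# Constructed sample events.
EVENTS = [
    Event("alice", "Employee SSN 123-45-6789", "hr-share", "home_printer"),
    Event("bob", "Part no. 481-22-9001 qty 40", "shipping-share", "home_printer"),
    Event("carol", "\x00binary CAD data\x00", "plm-vault", "usb"),
    Event("dave", "TRADE SECRET: alloy mix", "plm-vault", "internal_printer"),
]
```

The second event is the false positive: a part number shaped like a Social Security number is blocked by content analysis alone but only warned on once lineage is considered, while the third event, which content analysis alone allows, is quarantined on lineage.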
Incident Response and Recovery Capability
Manufacturing companies need to be able to rapidly recover after a disruption to business operations. An inability to do so may leave the business inoperable. As an example, in 2020, a Pennsylvania law firm employed four attorneys who began secretly copying client files, correspondence, and firm work products to access them after ending their employment with the firm. They also deleted emails and other computer data, and engaged in shredding and destroying physical documents. These actions interrupted the law firm’s business operations.
While the example relates to a law firm, the lesson is that this scenario can occur in any sector or industry, and not having the technology to manage this type of data loss will result in disruptions to business activities. DLP solutions can help scan and monitor for suspicious activities and facilitate data recovery, as well as help inform the appropriate response for this kind of malicious data loss.
As manufacturing businesses grow increasingly digital, preventing data loss should be prioritized through investments that help mature DLP programs, with a focus on people, processes and technology. Selecting the right DLP solution for the manufacturing sector requires knowledge of the unique threats facing companies that operate in the manufacturing space, supply chain risk management best practices, the gap between traditional DLP tools and modern DLP tools, and the purchasing organization’s security initiatives and goals.
In addition, the decision to invest in a DLP solution should be informed by sufficient research and planning with key stakeholders. Given the many options and variables to consider, decision-makers must spend the appropriate amount of time understanding the nuances and distinctions among the many solutions on the market.
About the Author: Ambler is an attorney with extensive corporate governance, regulatory compliance, and privacy law background. She currently consults on governance, risk and compliance, enterprise data management, and data privacy and security matters in Washington, DC. She also writes about today’s most crucial cybersecurity and regulatory compliance issues with Bora Design.