Abhay Bhargav (India) - IT Security: An Essential for the Indian Manufacturing Company

Manufacturing companies in India are really coming of age. They are evolving with the latest trends, embracing new technologies and really adopting an aggressive stance towards Information Technology deployments. They are installing state of the art ERP systems. They are heavily deploying industrial automation applications and technologies, as well as other web applications to link to their customers, suppliers and employees. They are quite sizable in their operations as well. A company that I have recently been working with has rolled out ERP across their 10 plants all over the country, deployed an MPLS network link to connect all these sites and have effectively rolled out a bevy of applications and industrial automation technologies to measure performance from each workflow process. This brings us to the question of security.

The manufacturing industry in India has adopted IT like any other business vertical, in a rush. They have acquired some fancy technology, deployed applications and migrated their entire organizations to the cyber-age without too much thought being given to the security paradigm, and some of them are already feeling the pain. A company I know is a high-end manufacturing firm that creates designs based on client specifications and produces those designs in their manufacturing plants. These designs are top secret and extremely confidential. Loss of these designs would result in the company and its client losing millions of dollars in revenue. This company had failed to secure these drawings and an employee who worked at the company, was able to infiltrate these designs and move to a competitor who was able to copy those sensitive design documents. The victim company and their client lost a great deal of face and revenue because of this series of events.

Manufacturing firms tend to have a great deal of sensitive information like R&D Information, financial information, costing information, employee information and so on. And while their industry is not seen as an ideal candidate for information security, I can vouch that their needs for information security are as important, if not more so, than other business verticals.

Manufacturing companies focus on the word “volume”. For them, loss of critical data directly impacts their ability to deliver. For instance, loss of key R&D information to a competitor would result in them being unable to manufacture, therefore losing market share and revenue to a competitor. ERP systems are also highly sensitive applications that the company must protect effectively. Over the last quarter, several new vulnerabilities in popular ERP applications like SAP have surfaced, showing that most of these ERP applications are also severely vulnerable to security breaches – and attackers are targeting these applications in order to gain access to sensitive information about the enterprise.

Web applications present a great challenge to manufacturing companies as they have just begun adopting them India. In fact, many of them have moved their key processes relating to supply-chain management to their web applications and some of them have even created customer management applications for their companies to interact better and more effectively with their customers. These applications usually link back to their ERP deployment, opening up a large area of attack possibilities.

Another area where manufacturing firms need significant help is in ‘security awareness’. Manufacturing companies seldom train their employees on security awareness and this results in a large set of attack possibilities. Recently, I was involved in performing a social engineering test against a manufacturing company where we sent a phishing email with a malicious PDF file. Most users opened the email and executed the PDF file. Through the file, we were able to get root access to most of their systems (because of multiple vulnerabilities in their systems). Using such privileged access, an attacker can pivot into any other system on the network and compromise sensitive information.

The Indian manufacturing sector is making great progress in integrating technology into all levels of its operations. However, it is only prudent that these companies ensure that the critical issue of information security is addressed consistently to protect their business interests.

By Abhay Bhargav, CTO of We45 Solutions.


« Jean-Philippe Courtois (Europe) - SMBs Show Sparks of Hope Despite Stormy Season


Intel (South Africa) - Don't Write Off the PC Just Yet »


Do you think your smartphone is making you a workaholic?