Download PDF

Sensitive Content Communications Privacy and Compliance in Manufacturing

Highlights From Kiteworks’ “2022 Sensitive Content Communications Privacy and Compliance” Report

MANUFACTURING BRIEF

Intellectual property (IP)—which includes R&D, engineering, and operations data—is a key target for nation-states and malicious cybercriminals for manufacturers. Over one-third of manufacturing executives say IP theft is the primary motive behind cyberattacks on their companies.1 The risk of confidential data breaches in manufacturing is heightened by supply chain interdependencies, two-way data streams, embedded but unmanaged endpoints, and adoption of cloud computing.

What Sensitive Content Communications Channel Poses the Greatest Risk?

Cyberattacks on manufacturers can take different forms—on data in transit and at rest. Social engineering attacks use phishing and spear phishing to impact systems or ransomware that holds company data hostage until the hacker’s demands are met. Network, application, and endpoint vulnerabilities— both known and unknown—can be exploited to gain access to IP. Man-in-the- middle attacks target sensitive content communications that fails to employ encryption and other security protocols.

According to a new IBM report, manufacturing was the most attacked industry last year—overtaking financial services and insurance that ended a long run at the top of the industry list.2 Nearly half of attacks on manufacturers targeted vulnerabilities that had not yet or could not be patched. The most prevalent attack types included ransomware (23%), server access (12%), and business email compromise (10%).3

Security and Compliance Governance

Manufacturers share critical information internally between different departments as well as across their distributed supply chains using various communication channels. Following are some of the more prevalent use cases:

  • Protecting IP related to designs, plans, financial documents, marketing content, and contracts
  • Complying with privacy regulations that govern personally identifiable information (PII) in invoices and other documents

Manufacturing Brief

Sensitive Content Communications Privacy and Compliance in Manufacturing

  • Adhering to Cybersecurity Maturity Model Certification (CMMC) standards for the exchange of controlled unclassified information (CUI)
  • Complying with GxP by ensuring secure and immutable transfers of manufacturing quality data across Purdue Model levels
  • Automating secure exchange of orders, schedules, invoices, designs, and other information with supply chain partners
  • Securing exchange of large, terabyte-sized CAD and other large files with internal plants and departments and various third parties in the supply chain

All the above are governed by various compliance standards that start with data-related PII, protected health information (PHI), security foreign corruption and bribery, and securities. Privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA), and California Consumer Privacy Act (CCPA), govern PHI and PII, whereas other regulations are more industry specific. And as artificial intelligence, which often relies on big data, becomes increasingly more important in manufacturing, tracking and controlling that data grows accordingly—specifically how sensitive manufacturing data is shared and stored.

Private PHI Communications With Third Parties

In addition to all data that is shared internally, manufacturers exchange a lot of sensitive data with third parties. Depending on the regulation or standard, policies are specified around data type, user and device access, data classification, cataloguing, and expiration, and audit trail reporting. Manufacturers must have the right governance tracking and controls in place for privacy and compliance of data that is at rest and in motion. Challenges around the supply chain post-pandemic and threats targeting manufacturers lacking encryption and governance controls can be exposed to malicious third-party actors.

One of the biggest challenges involves the sharing and transfer of data with third parties. The following graphic examines some of the manufacturing findings.

Manufacturing Brief

Sensitive Content Communications Privacy and Compliance in Manufacturing

What Are Your Top Concerns in Managing Sensitive Content Communications?

What Are Your Top Priorities Around Third-party Sensitive Content Communications?

Governance, Risk, and Compliance Survey Findings

Based on findings from a survey conducted by Kiteworks and Survey Pacific in early 2022, 34% of manufacturers indicate their organizational governance and protection of sensitive content communications either requires a new approach or needs significant improvement (another 38% indicate some improvement is needed).4 A likely reason is the lack of technologies and processes to measure risk: fewer than half (47%) have technologies and processes in place to do so.

Only half (50.5%) of respondents believe their organizations are well-protected when it comes to third-party risk. Communications in the cloud is a problem for many manufacturers: 48% either do not manage and monitor sensitive content shares and transfers in the cloud or only manage and monitor some of them. More than half (52%) of manufacturers say they must generate over seven compliance reports annually. However, despite all the time and resources spent on compliance, 19% of respondents indicate their compliance reports are only somewhat accurate (another 62% say they are mostly accurate).

Manufacturing Brief

Sensitive Content Communications Privacy and Compliance in Manufacturing

Governance

69%

use 4 or more systems for tracking, controlling, and securing sensitive data communications with third parties

23%

believe their governance and protection of third-party content communications either requires a new approach or requires significant improvement (another 38% say some improvement is needed)

47%

have technologies and processes in place to measure risk associated with third-party content communications (the remaining 53% plan to do so)

Risk Management

38%

use antivirus and antispam technologies to verify all incoming data communications from third parties

48%

use DLP for file sharing and file transfer with third parties

52%

encrypt less than 75% of their content communications with third parties

39%

indicate their risk management and security of third-party content communications requires a new approach or significant improvement

49%

believe their organization is not well- protected against third-party content communication risks

48%

either do not or only manage and monitor some content communications in the cloud

Compliance

52%

must generate over 7 compliance reports annually

36.5%

spend over 40 hours generating each compliance report (15% spend 80-plus hours)

19%

feel their compliance reports are fully accurate, with 59% saying they are mostly accurate (not contain errors)

Manufacturing Brief

Sensitive Content Communications Privacy and Compliance in Manufacturing

Kiteworks Private Content Network Provides Governance, Compliance, and Security

Kiteworks enables manufacturers to create a dedicated Private Content Network (PCN) of internal and external digital communications that ensures privacy and compliance of sensitive content—ranging from PHI and PII information to proprietary IP-related content. The supply chain has become a critical focus as global economies emerge from the COVID-19 pandemic, and this is the key reason manufacturing is now the number one industry vector when it comes to cyberattacks. When data breaches do occur, the cost can be dramatic. While the average cost of a data breach in manufacturing declined year over year, it is high at $4.24 million (the average across industries).5

Kiteworks enables manufacturers to protect critical IP related to product design, prototypes, production schedules, and supply chain logistics. Manufacturers also share and store PII for their employees, customers, and partners, which can be hacked in transit and in motion. Unifying, tracking, controlling, and securing this sensitive content with the Kiteworks platform creates a Private Content Network (PCN) for manufacturers that is fully secure and compliant with various standards and regulations.

For these and other highlights from Kiteworks’ “2022 Sensitive Content Communications Privacy and Compliance” report, download a copy.

References

1Cyber risk in advanced manufacturing,” Deloitte and MAPI, accessed March 31, 2022.

2X-Force Threat Intelligence Index 2022,” IBM Security, February 2022.

3 Ibid.

42022 Sensitive Content Communications Privacy and Compliance Report,,” Kiteworks, April 13, 2022.

5Cost of a Data Breach Report 2021,” IBM and Ponemon Institute, July 2021.

www.kiteworks.com

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.

Lancez-vous.

Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Comienza ahora.

Es fácil empezar a asegurar el cumplimiento normativo y gestionar los riesgos de manera efectiva con Kiteworks. Únete a las miles de organizaciones que confían en su plataforma de comunicación de contenidos hoy mismo. Selecciona una opción a continuación.

Share
Tweet
Share
Explore Kiteworks