MMC CYBER HANDBOOK 2016

thesp0nge

2f1WZOG

MMC CYBER HANDBOOK 2016

STRATEGY

MANUFACTURING

• Manufacturing is susceptible to cyber threats, given increasingly complex supply chains,

network-controlled production lines, and the hyper-connectivity of “Industry 4.0.” The

manufacturing sector was the leading target of infrastructure cyber attacks in the US in 2015.

• In 2014, hackers attacked the business and production network of a German steel mill to access

to the mill’s control systems and trigger an unscheduled shutdown of the furnace, causing

massive damage to equipment.

• Cyber risks inherited from external connections, such as supply chain and trading partners,

service providers, and other affiliates, are particularly acute in the manufacturing sector, and

must be continuously monitored, analyzed, and managed with a well-defined program.

RETAIL

• Point-of-sale (POS) systems have been a key entry point for many retail data breaches. Along with

recent advances in POS technology comes new malware that targets POS systems to capture

payment card data and gain access to other corporate systems.

• In recent years, hackers have acquired the credit card information of millions of retail shoppers,

which they can readily sell with point-and-click e-commerce functionality on the hacker Dark Web.

• Technologies that retailers and the payments system as a whole are implementing to protect

against cyber attacks include end-to-end encryption (E2EE), tokenization, becoming EMV

compliant, testing systems, and focused staff training on POS system security.

EDUCATION

• Universities and other institutions of learning, with their culture of openness and information

sharing, are highly susceptible to cyber risk. Data breaches can turn into high-visibility problems,

such as identity theft, electronic stalking, compromise of health data, theft of intellectual property

(first- and third-party), and other liabilities.

• In early 2016, a well-known US university fell victim to an attack on its financial management

software that compromised the information of 80,000 current and former students, employees,

and vendors.

• Educational institutions are taking efforts to increase risk mitigation. For example, in 2015, there

was a 37 percent increase in cyber insurance purchases in the education sector. Educational

institutions must focus on ensuring all users, including staff, academia, and students, follow

effective cybersecurity practices.

Copyright © 2016 Marsh & McLennan Companies

24

More magazines by this user
Similar magazines