Earlier this year, Citrin Cooperman conducted their third annual Manufacturing and Distribution Pulse Survey, aggregating essential data from businesses within the M&D industry. The invaluable finance-centric content provides information that can help businesses gauge how they compare to their peers and assist them in developing strategies to navigate the challenges that are unique to this sector.

Two of the report’s key findings involved e-commerce and artificial intelligence, two technologies that are critically important tools for M&D companies looking to become more agile and efficient. However, before a business proceeds with deploying or expanding these tools, security should be taken into consideration to avoid a costly cyberattack.

• Key Finding 1: “Reshape Product Offerings and Making the Most of Online Opportunities”
  • Takeaway:
    • Due to COVID-19, companies are more reliant on e-commerce than ever before.
  • Cybersecurity Considerations:
    • Cybercriminals have taken notice of the massive shift to online product sales. While it is extremely difficult to hack a cloud platform due to 24/7 security teams and state-of-the-art security controls, the incentives and rewards for hackers are exponentially higher thanks to all the eggs being in one digital basket.
    • Businesses have to be cognizant that when you use the cloud for e-commerce, you have to prepare for some rain.
  • Best Practices to Reduce Risk:
    • While research and recommendations are important in determining whether your e-commerce provider is doing what’s necessary to fortify the security around your data, obtaining a service organization control (SOC) report is a much better way to determine their efforts. A SOC report is an independent review of security, privacy, confidentiality, availability, and/or processing integrity, and should be readily available from any professional e-commerce provider. These reports are typically refreshed once a year, and should be reviewed in detail, especially the section that outlines the complementary user entity controls. In that section, you should be able to find the controls that the vendor has included within its system that can achieve the control objectives only if you have implemented certain controls within your business. For example, if you are not conducting user reviews, and an unauthorized employee has access to sensitive data, the best provider in the world won’t be able to help you. Additionally, if your e-commerce vendor doesn’t have a SOC report, it should be considered a red flag and you should immediately address the issue with a sales contact to assess when a SOC report will be available.
    • It is also very important to develop and test an incident response plan in the event that your e-commerce provider is taken offline. Even the largest of providers can be waylaid by a cyberattack, which in turn may prevent your business from being able to sell products. If that happens to your business, do you have a plan that provides workarounds to continue operations until your provider is back online? If not, the impact could be considerably worse for your company.

• Key Finding 2: “Apply Predictive Analytics and Artificial Intelligence (AI) Technology to Better Understand and Respond to Buyer Behavior”
  • Takeaway:
    • The top benefit of predictive analytics and AI is the ability to gather and utilize data from outside of a company such as information on suppliers, customers, and other sources.
  • Cybersecurity Considerations:
    • While AI and predictive analytics offer many positive benefits, they can lead to significant unintended (or maliciously intended) consequences for a business. One example of the security risks related is the feeding of malicious instructions into an AI system. If cybercriminals gain access to the system, they can alter the data sets used to train AI, implementing slight changes to parameters, or making scenarios that are designed to avoid setting off any alarms while gradually driving AI in their desired direction. Attackers can also tamper with input data to make proper identification difficult and manipulate AI systems into misclassifications.
    • While some may dismiss it as hyperbole, Tesla founder Elon Musk says that artificial intelligence is humanity’s “biggest existential threat,” and that it poses a “fundamental risk to the existence of civilization.” With warnings such as these, businesses must proceed with caution and ensure that security is a priority.
  • Best Practices to Reduce Risk:
    • A key factor to successfully adding artificial intelligence to a company’s toolbox is to integrate security considerations into the front end of project planning via a holistic risk management approach. Taking this proactive strategy provides enhanced protection and is more cost-effective than adding security measures post-implementation, or after an incident has occurred.
    • Partnering with an external risk management consultant with extensive experience in manufacturing and distribution technology is a worthwhile exercise and ensures that a security strategy can be tailored to your business and its needs when you are implementing AI solutions.

For more information on securing your manufacturing and distribution business, contact Kevin Ricci at kricci@citrincooperman.com.