While catching up after a couple of weeks off, I came across this article: How Important is Additive Manufacturing Security? on the engineering.com website.
And it really frustrates me!
Let me tell you why.
And it really frustrates me!
Let me tell you why.
- Its a negative article and concentrates on the things that could possibly go wrong. Business owners/ manufacturers/ engineers aren't stupid, everyone knows the threats exist. (Other than the Unknown Unknowns but let's not talk threat intelligence here).
- The use of statistics aren't helpful. For example, 51% of respondents experienced a CyberAttack. What about the businesses that didn't respond to the survey? That didn't respond to an unsolicited email? In addition, most businesses will see themselves in the 49%.
- The level of risk to an organisation isn't even mentioned. Yes, businesses face these threats (and so much more), but it must be looked at in terms of risk. A threat on its own means nothing. A business should consider it in terms of Likelihood and Impact. Only then can they really address the issues.
- Security measures are conveyed as an expense rather than a business enabler. Security allows a business to grow. It allows a business to reach its potential. Good security can allow a business operate in a market whether others can't, or won't. It allows a business to control what is seen by must as uncontrollable. It provides certainty and reassurance.
In conclusion, just because a threat exists, doesn't mean a business needs to take action. A business should strive to reduce the risk to As Low As Reasonably Practical (ALARP). And that may mean that some risks are just accepted.