Bishop Fox has been working with John Deere for the past 6 years, how would you characterize the changes in the industry in that time? And taking that one step further, how would you characterize Deere's overall approach to security?
Companies like John Deere find themselves transforming from being primarily heavy equipment manufacturers to also being technology companies. While that introduces opportunities to better serve their customers and the industry at large, this transformation also presents new security challenges—including expanding attack surfaces and an increasing number of Internet-connected devices.
Over our six years of partnership, John Deere has demonstrated they are committed to customer and data security with a constantly evolving security strategy. We have worked with the Deere team to supplement their efforts in some key areas, such as conducting product security reviews to help improve flagship Deere products like tractors and combines. We've also worked closely with Deere to perform continuous penetration testing on their expanding perimeter with our Continuous Attack Surface Testing (CAST) offering.
Why is security testing so important to the companies you work with?
Cybersecurity is asymmetric; attackers only need to find one weakness while organizations have to identify and close them all. Security testing helps organizations reduce the number of vulnerabilities that can be exploited by using the same or similar offensive tactics and techniques employed by attackers. Bishop Fox helps our customers stay ahead of the bad actors by identifying potential weaknesses first and providing actionable insights that allow issues to be proactively fixed and products hardened. By way of example, if we can identify a vulnerability within one of Deere's cutting-edge products before the bad guys, it makes the job of the attacker that much more time-consuming and expensive and less likely to be successful.
What are the biggest security challenges facing technology/manufacturing companies like Deere?
Most companies, including those in manufacturing, have a continually evolving and expanding attack surface as their technology footprint increases and as more of that technology becomes accessible via the Internet and mobile connectivity. Additionally, the growth in cloud assets and the interconnection of product suites have resulted in hundreds of thousands of connected endpoints. This all makes for more complex (and massive) security challenges when coupled with faster and more technologically advanced attackers seeking to exploit any weaknesses they can uncover for their own purposes and profit. In these situations, it's a race to see whether companies can find and fix vulnerabilities faster than attackers can take advantage of them.
How are companies like Deere responding to these challenges?
With the increasing sophistication and persistence of attackers, there's been a shift in the industry to be more proactive and also more consistent in the protection of critical systems. That's why Bishop Fox has developed solutions like CAST that provide continuous attack surface testing. Additionally, we increasingly see more mature organizations like Deere integrating our services and testing into product development lifecycles from the beginning to bring the most secure equipment possible to market.
For more information on John Deere's commitment to data security, please visit www.deere.com/trust.