Editor’s note: Welcome to So That Happened, our editors’ takes on things going on in the manufacturing world that deserve some extra attention. This will appear regularly in the Member’s Only section of the site.
Who to Blame if Your Company Gets Hacked?
Have a mirror ready.
The average data breach costs a company $4.2 million, with up to 100 times that for “mega breaches,” and it was 10% worse last year, when:
- It took on average 287 days for a cybersecurity team to detect and respond to a data breach
- 51% of organizations suffered a data breach in the last two years
- 74% were either inconsistent in how they applied incident response plans or had no instant response plans at all
All of this came from IBM, sponsor of a March 29 event hosted by The Trust, a commercial department at The Wall Street Journal, titled “The Leadership Agenda for Cybersecurity in 2022.” Speakers discussed the current threat landscape; zero trust and extended detection and response cybersecurity strategies; how to secure the software supply chain; how the C-suite can create cyber resiliency for their companies; and deep dives into the sub-topics.
Anyone with a plan doesn’t need the scare tactics. They have a plan because they understand the risk. So, one wonders who the scare tactics are meant for. Do people attend these events because they are honestly in the dark as to why cybersecurity matters?
At IndustryWeek, we’ve recently dipped often into the cybersecurity well for some very good reasons related to current affairs. In nearly all of these stories, I walk away with two recurring thoughts:
- If a company is not paying attention to cybersecurity and has the bandwidth and budget to establish proper cybersecurity, it’s kind of asking to get hacked.
- And if the company that could pay attention, isn’t, I don’t know what they need to hear to get worried enough to act. Do the factoids at the top of this column not matter to a company that has chosen not to care, even though it could remediate these issues ?
The general advice is still sound:
- Teach your employees what phishing is and how to spot fake emails
- Use proper password protection, like two-factor authentication
- Encrypt and liberally back up your data
- Patch your software often and test the patches before you apply them
- Be aware of current threat actors and popular attack vectors
The vast majority of what gets presented is not new, and therefore from a certain perspective nor is it news. Please, if you can do something about your cybersecurity, don’t tempt fate and risk becoming one of those companies not paying attention. But if you aren’t listening to everyone else, you probably didn’t read to this point, either.
Wait a Second, Is that School Lunch Made in America?
While not a question you ever thought of asking your child, the Teamsters want you to.
And it’s not just the Teamers, it’s the United Food and Commercial Workers and the Bakery, Confectionery, Tobacco Workers and Grain millers that have asked the Food and Nutrition Service to reverse a rule from the previous administration that “allowed school districts to serve cheap imported food in public school cafeterias,” according to an article on the Teamsters website.
These unions feel that school lunches made in the U.S are made to higher standards. “American grown fruits and vegetables are prepared to higher environmental and health standards than the Chinese product, so enforcing Buy America in the school lunch programs is good for the workers and their kids,” said Ashley Alvarado, food processing director for Teamsters Local 856 in California.
And it might not be surprising that while these groups are advocating for better food, they also want that food be union-made. “As the union representing 250,000 food workers around the country, we believe that federal taxpayer dollars should support good jobs for all of America’s food workers. A critical step to accomplishing this is for the United States Department of Agriculture to make it easier for local school districts to buy union, made-in-America products,” said Fernando Lemus, president of UFCW Local 1445 in Massachusetts.
Disclosure Discourse
The Securities and Exchange Commission late last month made some waves when it proposed rules for climate-related disclosures, setting the stage for some, shall we say, difficult conversations with representatives of the factory sector.
SEC Chair Gary Gensler and his team are looking to standardize much of the information public companies talk about to investors when it comes to greenhouse gas emissions ranging from direct, so-called Scope 1 emissions all the way to Scope 3 emissions from participants in its value chain. The plan (click here for a PDF of the 503-page proposed rule), Gensler said, is part of the SEC’s “core bargain from the 1930s”–investors get to decide how much risk to take based on fair disclosures by the companies wanting their investments.
The measure (click here for a PDF overview) is open for public comments for a few more weeks but it’s already clear the National Association of Manufacturers, which represents 14,000 companies, isn’t keen on the standardization bit.
“Broad, sweeping disclosures could be counterproductive—requiring manufacturers to waste time and resources reporting irrelevant information that will not be decision-useful for shareholders,” President and CEO Jay Timmons said in a statement the day the proposal was outlined by Gensler. “The SEC should focus on requiring disclosure of material information, and the NAM looks forward to working with the SEC to ensure that its proposed climate reporting rule enables smart, company-specific disclosures that are tailored and targeted.”
We’re betting there’s much more to come soon on this topic.
Standing Up for Small Family Businesses
In his March 7 humor column, IndustryWeek contributor (and former editor-in-chief) John Brandt parodied the leadership of a small family manufacturing company called “Bilgewater.” The joke didn’t land well with reader Dave Moody, who felt that the writer was using a Goliath-sized club to beat up the little guy.
Moody has worked for different types of companies over the years, but for the past 24, he’s been a leader of a “small, tightly held, multigenerational manufacturing company.” He wrote an impassioned response sharing his experience and defending small family manufacturers. Here is an excerpt:
There is no doubt that the most difficult and challenging, yet rewarding, executive job is the small family-run business. Why? There is usually little delegation down of responsibility or shared assumption of risk. The success of the firm and my personal financial welfare depends solely on my own resourcefulness with some minor input from a few trusted friends, advisors and fellow team members.
Often, I have found book theory from business school is exactly 180 degrees wrong when applied to small business. … And as with most small entities, the finances of debt are backed by personal guarantees, so the outcomes of bad decisions are felt in my own pocket.
There is huge difference in environment between the large companies and smaller business that requires completely different styles of leadership. Some people are just not cut out for the type of role where accountability is direct and supporting infrastructure is thin.
When I started working for the family firm in the mid-90’s, our accounting auditor told me there is no financial reason to continue the business, and that the family capital would be put to better use elsewhere. He was right in this determination, but maximizing ROI has never been the sole purpose of the family business. These types of family-controlled companies were quite prevalent in the 1950s and ’60s heyday of manufacturing across America, but few remain relevant in today’s global marketplace of multinational firms with their Chinese suppliers. The fact that some of these small independent manufacturing holdouts continue to operate defying industry trends must then be attributable to some pattern of success.
In the mythical Bilgewater parody, you would think the disgruntled CEO would know this financial and organizational backdrop before he took the job. To me, this man is the villain in the story. His condescending attitude toward small business is one I see commonly from either outsiders who try to apply Wall Street metrics to a small organization, or from the group of business consultants trying to bilk small business owners by offering useless market analytics, irrelevant benchmarking ratios, silly mission statement and a variety of other unusable but high-minded advisory services.
Of course, one has to logically ask, “if the CEO at Bilgewater is so smart, why doesn’t he start his own manufacturing company from the ground up without stealing accounts from the family?” No, it is probably just easier to be unethical.
Introducing… Your Cleveland-Cliffs Cavaliers!
Cleveland Cliffs Inc., the biggest flat-rolled steel producer in North America, made headlines last year for purchasing Ferrous Processing and Trading Co. and entering the steel scrap business. Now, the steel giant is making its play on the basketball court.
In March, the Cleveland Cavaliers basketball team and Cleveland-Cliffs announced that the company’s logo will appear on Cavaliers jerseys starting in the 2022-23 NBA season. Their jersey patch will replace the existing Goodyear Tire Co. patch now that a five-year agreement between Goodyear and the Cavs is expiring this year.
Flanked by rolls of rolled steel at a press conference, Cleveland-Cliffs CEO Lourenco Goncalves and Cavaliers point guard Darius Garland—whose grandparents in Gary, Indiana, were steelworkers—hailed the partnership as emblematic of teamwork and shared Midwest culture.
“The Cavs stand out as a unique and authentic showcase for the importance of teamwork with its talented players, coaching staff and management team, coming together strategically to win,” said Goncalves. “Cleveland-Cliffs is no different.”
“I will be very proud to wear the Cleveland-Cliffs logo on my jersey starting next season,” Garland said. “Being from Gary, Indiana, I know first-hand how important Cliffs and steel are to communities, both here in Cleveland and across our region.”
The sponsorship makes Cleveland-Cliffs the only steel company to get a jersey patch partnership with an NBA team—perhaps an odd pairing, on the face of it. Cavs CEO Len Komoroski, in his own statement, noted that “while our respective roles in the community are much different from each other, both Cliffs and the Cavs are considered part of the ‘fabric of life’ here in Northeast Ohio.”
I Don’t Remember this in the Job Description
With Shanghai in lockdown to prevent the further spread of COVID, GM wants to make sure that its cars are being produced.
How are they doing this?
Well they have asked workers to sleep on factory floors, according to an article in the Detroit Free Press.
While that seems a bit dramatic, the company doesn’t really have much choice since China says that companies must use strict measures, and this would be one, to keep factories going or they would have to shut down. As the article explains, the companies are required to operate in a closed-loop environment, so that means that employees can’t leave.
Considering last year GM delivered 2.9 million vehicles—Buick, Chevrolet and Cadillac brands—in China, it makes sense the company chose this route.
