A cyber breach can damage every aspect of a business from its operations to its reputation, which is why companies strive to keep these episodes out of the news. To put it in perspective, costs from attacks involving ransomware and other cybercrimes could total $6 trillion globally in 2021, according to one estimate. That is huge, and recovering from a cyber breach not only puts a company at risk financially, but results in other significant damages as well.
Manufacturers At Risk
Unfortunately, industrial manufacturers are vulnerable to attacks, and they are on the rise. The United Nations reported a sharp rise in phishing cybercrimes as the coronavirus pandemic took hold. Even in the best of times, businesses struggle to combat phishing in which fraudulent emails trick people into providing confidential information. And it’s even more difficult with many people working from home.
Savvy cybercriminals are always finding new ways to penetrate business information systems. Millions of remote workers have provided fresh targets, often untethered from normal security protocols, surrounded by distractions and mingling work data with programs on home computers.
Financial institutions and medical providers are seen as particularly rich targets for siphoning money and nabbing information like Social Security numbers.
Manufacturers also are at risk. A major reason is increased automation. Industries are adopting technology including AI and robotics for production lines, the internet of things for orders and timesheets, digital sign-ins for visitors, and connectivity for everything from smart TVs to supply chains. A breach in one area—say, finance—can affect operations in another area—say, the production line.
High-pressure deadlines are a fact of life for industrial manufacturers, adding another level of risk. A shutdown of even a couple of days could disrupt a major project or delay deliveries to a key customer.
Selling stolen data is lucrative for cybercriminals around the world, and risks will never be reduced to zero. But five basic steps can shore up vulnerable areas, limit risks and make it easier to recover if a cyberattack occurs.
To reduce the risks of cybercrimes, combat cyberattacks before they succeed. Here’s how:
Cyber Step 1 – Have a disaster recovery plan in place.
As the pandemic deepened, it was obvious which companies had a solid crisis recovery plan. They were the ones that were able to pivot to Plan B. Recovering from a cyberattack is similar: a well-prepared company will be more able to limit downtime and get things back to normal. The Center for Internet Security is a good resource for developing a disaster recovery process.
Cybercriminals may not only steal data, but pollute the software and machines on which information is stored. Thus, the recovery plan should include automated backups, and offline copies of data that are validated annually. Once a year, a security incident response team should hold the equivalent of a cyber fire drill, going through their recovery process as if a breach has occurred. CIS tabletop exercises can help companies explore various cybercrime scenarios and test their response capabilities. Then they analyze what worked and what didn’t, to ensure a robust response in case of a real attack.
Cyber Step 2 – Make security training for employees a priority.
Cybercriminals don’t get into a manufacturer’s data by burglarizing an office or breaking down a door. Usually, people let them in unintentionally. For example, a sales rep is traveling and misses an important system update. Or an employee complies with a request for confidential data because it seems to be coming from the CEO. Security training for employees is vital for preventing these kinds of breaches. Manufacturers can work with their I/S departments or an outside consultant to meet guidelines such as the framework of the National Institute of Standards and Technology (NIST). Basically, they should implement:
- Annual security training for employees—concluding with a test.
- Ongoing outreach with training every three months, at least.
- Discussion of penalties for those who violate security protocols.
Interesting case studies and a gamification approach can help make the annual training interesting, and follow-up sessions can be as brief as 15 minutes. The more people are trained to spot a suspicious email or think twice before clicking on a link, the better the chances for avoiding a breach.
Cyber Step 3 – Use two-factor authentication.
Most consumers routinely encounter two-factor authentication. When they log in to a website or a communications portal for their bank or health insurer, they enter a password as a first step. Then they must respond to a second verification method, usually by phone, text or email. Two-factor authentication establishes an additional barrier for the cybercrook who wants to impersonate a computer user and get into their data. It’s particularly urgent that two-factor authentication be turned on for:
- Employees working remotely.
- Anyone with access to financial applications.
- Any employee using Office 365.
Cyber Step 4 – Block installations of risky, unauthorized software.
Malicious code embedded in software may escape detection by antivirus programs. That’s one way cybercriminals insert hazards like malware, ransomware, worms and Trojan horse viruses into a company’s information systems. The solution is to take an inventory of every application running on every system used by every employee. An app or software confirmed as necessary goes on an “approved” list. If it’s not on the list, it can’t be run on the system, and anyone who tries to download an application deemed hazardous will find that it’s impossible.
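The inventory-then-approve process described above can be sketched as follows. This is an added example, not code from the article or from any product; the host names, file names and sample "binaries" are constructed, and the approved list is keyed on a SHA-256 content hash so that a file reusing an approved name is still refused.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample binaries (byte strings stand in for executable files).
ERP_CLIENT = b"erp-client build 4.2"
CAD_VIEWER = b"cad-viewer build 1.9"
TROJANED_ERP = b"erp-client build 4.2 + injected loader"
GAME = b"free-game installer"

# Inventory of what is present on each system: (host, file name, content).
INVENTORY = [
    ("finance-01", "erp.exe", ERP_CLIENT),
    ("design-03", "cadview.exe", CAD_VIEWER),
    ("design-03", "erp.exe", TROJANED_ERP),   # approved name, different content
    ("floor-07", "game_setup.exe", GAME),
]

# The approved list maps content hash -> label; file names are not trusted.
APPROVED = {
    sha256_hex(ERP_CLIENT): "ERP client",
    sha256_hex(CAD_VIEWER): "CAD viewer",
}

def may_run(content: bytes, approved: dict) -> bool:
    """Default deny: only content whose hash is on the approved list may run."""
    return sha256_hex(content) in approved

def audit(inventory, approved):
    """Return (host, file name) for every inventoried item that is not approved."""
    return [(host, name) for host, name, content in inventory
            if not may_run(content, approved)]

if __name__ == "__main__":
    for host, name in audit(INVENTORY, APPROVED):
        print(f"BLOCK {name} on {host}: not on approved list")
```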
Cyber Step 5 – Scrutinize data with an “alarm system.”
This strategy is similar to installing a home security system that alerts the owners of an attempted break-in. It involves external monitoring and introduces two more acronyms, SIEM and SOC. SIEM software, for security incident and event management, monitors and analyzes data moving into and out of the organization in real time. Off-site cybersecurity experts comprising a security operations center (SOC) look for possible threats from bad actors inside or outside the company. They provide alerts when they spot something unusual. For instance, did an executive really log in from Ukraine, rather than company headquarters in Kalamazoo? Or was that a hacker with malicious intent?
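The Kalamazoo-versus-Ukraine question above is the kind of check a SIEM rule encodes. The following is an added example, not code from the article or from any SIEM product; the log format, user names, per-user country baseline and the 900 km/h speed threshold are all assumptions, and the log lines are constructed.

```python
import math
from datetime import datetime

# Constructed sample auth events (not real logs): time, user, country, lat, lon.
LOG = """\
2021-03-01T08:02:11 user=exec1 country=US lat=42.29 lon=-85.59
2021-03-01T08:05:40 user=buyer2 country=US lat=42.29 lon=-85.59
2021-03-01T09:10:03 user=exec1 country=UA lat=50.45 lon=30.52
2021-03-04T07:55:00 user=buyer2 country=CA lat=43.65 lon=-79.38
"""

BASELINE = {"exec1": {"US"}, "buyer2": {"US"}}  # countries seen before (assumed)
MAX_KMH = 900.0                                  # roughly airliner speed (assumed)

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine), Earth radius 6371 km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def parse(line):
    """Split one 'timestamp key=value ...' line into typed fields."""
    ts, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    return (datetime.fromisoformat(ts), f["user"], f["country"],
            float(f["lat"]), float(f["lon"]))

def detect(log, baseline):
    """Return (user, timestamp, reasons) for each login that should raise an alert."""
    last, alerts = {}, []
    for line in log.strip().splitlines():
        ts, user, country, lat, lon = parse(line)
        reasons = []
        if country not in baseline.get(user, set()):
            reasons.append("new_country")
        if user in last:
            pts, plat, plon = last[user]
            hours = max((ts - pts).total_seconds() / 3600, 1e-6)
            if km_between(plat, plon, lat, lon) / hours > MAX_KMH:
                reasons.append("impossible_travel")
        last[user] = (ts, lat, lon)
        if reasons:
            alerts.append((user, ts.isoformat(), reasons))
    return alerts
```

The executive's second login trips both signals, while the buyer's trip three days later raises only the lower-severity new-country signal, which an analyst can clear against travel records.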
Leadership buy-in is essential to guard against cyberattacks, especially as technologies like robotics and AI become more prominent in manufacturing and interconnected operations become the norm. In addition to defining cybersecurity needs and priorities, leaders need to require regular reporting (monthly or at least quarterly) to update the company’s risk management processes. The continuous improvement goals of “lean” manufacturing, with which most industry executives are familiar, can also be applied to cybersecurity.
The good news is the emergence of new technology to prevent breaches and evict cybercriminals who make inroads into a system. Huntress Labs is one excellent source of that expertise. Also, many case studies are available to help businesses learn from the mistakes of others.
It takes some effort to implement and strengthen cybersecurity, but any company that’s not getting stronger is getting weaker. Business leaders need to use every possible strategy to reduce their risks from cybercrime and put up barriers to keep the bad guys out.