Cyberattacks are on the rise. Manufacturers who rely on automation, robotics and connected networks are especially vulnerable and are in need of better cybersecurity. Here’s what you can do to protect your business against ransomware and other attacks from criminals using the Internet of Things.
Know your cybersecurity risks
Last December, hackers caused a blackout in Ukraine by breaching the control system for a power grid. This attack didn’t require sophisticated tools; rather, the hackers used malware that could be purchased on the black market to engage in spear phishing. Spear phishing is a type of email phishing campaign that targets multiple people at an organization using inside information that makes the hacker’s inquiry look legitimate.
Owners and managers of manufacturing businesses fear data breaches, and hackers often use that fear to cripple organizations through ransomware. Ransomware is a type of malware that’s installed on a computer or network without the user’s consent and that relinquishes control back to management only if they agree to pay ransom to the malware operators. Once the money is paid, the hackers promise to remove the restrictions.
Cyberattacks can harm a manufacturer or distributor by causing safety issues, negative publicity, lost productivity and compromised personal and corporate data. The average cost of a data breach in the United States is now more than $7 million, according to a 2016 study published by independent research group The Ponemon Institute.
Safeguard your operations
How can you improve your cybersecurity? A commitment to cyber hygiene and best practices is critical to protecting your networks. Here are some questions you may want to ask of your organization to help prevent ransomware attacks:
- Backups: Do we back up all critical information? Are the backups stored offline? Have we tested our ability to revert to backups during an incident?
- Risk Analysis: Have we conducted a cybersecurity risk analysis of the organization?
- Staff Training: Have we trained staff on cybersecurity best practices?
- Vulnerability Patching: Have we implemented appropriate patching of known system vulnerabilities?
- Application Whitelisting: Do we allow only approved programs to run on our networks?
- Incident Response: Do we have an incident response plan and have we exercised it?
- Business Continuity: Are we able to sustain business operations without access to certain systems? For how long? Have we tested this?
- Penetration Testing: Have we attempted to hack into our own systems to test the security of our systems and our ability to defend against attacks?
Employees are a manufacturer’s first line of defense against hackers, but they can also be a liability if they’re not vigilant and knowledgeable about cyber threats. In fact, the latest Ponemon study found that 23% of breaches were caused by negligent employees. So, it’s critical to provide training about the latest scams and encourage employees to report suspicious emails immediately to the information technology department.
Many hackers look for easy targets, much as thieves target houses with unlocked doors and windows, so even the simplest security measure will deter some breaches. For example, you can use inexpensive, off-the-shelf encryption software and phishing filters to make it harder for hackers to get inside your network.
To minimize losses if a breach occurs, consider purchasing cyber insurance products to cover direct losses from breaches and the costs of responding to them. Your traditional business liability policy probably doesn’t include such coverage against cyberattacks.
You can also assemble a breach response team before a breach occurs. Doing so decreases the average cost of a data breach by about 12%, according to the Ponemon study. Once it’s formed, the response team can also identify potential weaknesses in your network and cybersecurity practices and prepare for breaches by conducting breach response drills. For more information, contact your MarksNelson professional.
About the author
Don Towle directs the firm’s Employee Benefit Plan Audits. He is committed to providing a quality audit that meets federal obligations while keeping clients aware of changes and identifying improvements.