Paid for and submitted by Daniel Brookman, Stolly Insurance Group.
On the heels of the CrowdStrike software patch heard round the world, and multiple high profile cyber breaches, the conversation about cyber-security has been thrust back into the spotlight once again. As leaders in the manufacturing industry, it is as important now as ever to understand the tops risks associated with our highly connected world and understand the ways to mitigate those risks. Here are the top 3 cyber risks and the best defenses we have to manage them.
Ransomware & Extortion
As manufacturers, you rely on a lot of technology to operate your facilities. From processing orders, tracking inventory, and automating machinery and equipment; your organizations are highly connected to the Internet of Things (IoT). This is a great strength that helps you to efficiently produce and move your product. But this strength will become a weakness if cyber-criminals successfully upload malware onto your system that shuts down your ability to operate. This can take place by sophisticated methods, but very often happens by tricking employees into clicking on malicious links or otherwise unknowingly letting the criminals in.
Your best defenses from this type of threat:
1. Endpoint Detection and Response (EDR) solution – an EDR solution helps you find, contain, and remove threats after they’ve penetrated your systems main line of defense, which is your antivirus software. You can either deploy and manage the EDR solution yourself or hire a vendor to manage this for you.
2. Frequent backups – depending on the type of data and size of your organization you may need to backup more or less frequently. A good backup solution will allow for customized backup frequencies for different types of data. However, for most organizations it is recommended to have a daily backup of important data.
Business Interruption Costs
This is closely tied to the previous example of ransomware and extortion because they’ll be happening simultaneously. When you are shut down and unable to operate you’re losing valuable revenue and your employees will be out of work. While this could be malicious intent such as a ransomware attack of some kind, it doesn’t have to be. For example, the recent CrowdStrike incident that caused so much disruption was caused by a non-malicious software patch.
Your best defense from this type of threat:
1. Incident response plan – having a comprehensive response plan that outlines procedures for detecting, responding to, and recovering from a cyber-incident is crucial. It should include roles and responsibilities, communication protocols, and steps for analysis and remediation. Testing the plan regularly can help ensure that all team members are familiar with their roles and responsibilities. This can often be the difference between a small minor incident and one that lasts much longer.
Social Engineering
For the most part, our devices are pretty safe. The most dangerous part of any online device is the human sitting behind it. Cyber criminals know this, and they specialize in manipulating people into sharing information and sending money to the wrong places. It could come in the form of a fake email from what appears to be a trusted coworker, or a threatening phone call from someone claiming to be from the IRS. There are no limits to the ways in which these attacks might take place. Because they exploit human error these attacks are referred to as “human hacking” and are the leading cause of network compromise and are also among the most costly.
Your best defenses from this type of threat:
1. Multi-factor authentication (MFA) solution – this is a security method that uses at least two different methods for verifying who a user is before letting them login. This is typically done by sending a code by email or text message to the user that they’ll use to login.
2. Employee training – since the target of these attacks are your employees, training is absolutely critical in this area. There are many different vendors out there offering training that employees can participate in that teach them the types of things to look for and how to detect potential social engineering schemes.
Conclusion
The world is only getting more dangerous when it comes to cyber-security threats. Manufacturing has been the most targeted sector for cyberattacks for three years in a row, accounting for 25.7% of attacks so far in 2024. However, there are a lot of things an organization can do to help prevent the likelihood of an attack and help mitigate the negative affects if an incident does occur.
One important measure that manufacturing organizations should consider taking is purchasing a cyber-liability insurance policy. What you are going to need in the event of a cyber-attack are both expertise and financial resources, and a cyber-policy will provide you with both. The insurance companies who underwrite these policies deal with cyber claims on a regular basis and are equipped with the tools to help you, and their financial interests are aligned with yours in mitigating the cost of the claim as much as possible. They’re a good ally to have if a cyber-disaster strikes your company.
I hope the information in this article was helpful. Feel free to reach out to me directly any time with any questions.
Daniel Brookman
(419)879-3209
Interested in submitting an article? Email info@daytonrma.org for more information.
Comments