How will you protect yourself in a world of invisible threats?
Global cyberattacks in the manufacturing industry have increased by almost 3,000% since 2012. This gives manufacturers like you a dubious distinction in the world of cybersecurity, along with a choice to be proactive against attacks.
According to a recent report by Trend Micro, 61% of manufacturers have experienced a cybersecurity incident affecting their factories. Three-quarters of those incidents required taking production offline, and in 43% of those cases, production was stopped for more than 4 days.
The COVID pandemic exacerbated the problem because of the number of people suddenly working from home. Brad Lutgen, Cybersecurity Partner at Sikich, explains why: “Because many (manufacturing and distribution) businesses had little to no experience with remote workforces, in most cases office employees weren’t securely set up for the immediate shift to remote work when COVID-19 prompted shelter-in-place orders. Now that a few months have passed and many employees may work remotely for the foreseeable future, it’s critical to identify vulnerable spots in your hardware, software and controls.”
The most common types of cyberattacks are ransomware and phishing. Ransomware is the use of malicious software designed to block access to a computer system (and possibly release sensitive information) until a ransom is paid. Phishing is the practice of sending emails (purporting to be from reputable companies) intended to induce individuals to provide personal information, such as passwords, credit card numbers, etc.
As the sophistication of cyberattacks and the value of their targets have increased, so too have the monetary demands. Cyber insurance company, Coalition, reported that the amount of ransomware money extorted from its policyholders doubled from 2019 to just the first quarter of 2020.
Source: Trend Micro
Yet most manufacturers do not avail themselves of all the tools and techniques that can thwart cyber attackers. Just 36% conduct penetration testing of their networks and systems. Only 35% hire internal professionals with cybersecurity expertise. About one-third perform phishing exercises on employees, and just 32% assess the strength of cybersecurity at their vendors.
3 tips to boost your cyber readiness:
- Are you ready…or just waiting? In general, the faster you respond to a security breach, the more successful you will be at reducing the long-term damage to your organization. An incident response retainer with a reputable company functions like an insurance policy—it provides additional resources to deal with a devastating cyberattack. If you don’t have a team on retainer, you will have to start looking for an incident response partner after a security event. By then, you’ve lost critical time and money.
- The best fortresses have layers. While most companies are migrating to cloud providers with robust security protocols, they can’t protect against good old-fashioned password theft. Hackers can use brute force and phishing attacks to get their hands on valuable passwords. Once in the system, they cause mayhem. Two-factor authentication tools provide an extra layer of protection by requiring employees to approve logins through an alternative device, such as their mobile phones.
- Have you covered all your bases? As cyberattacks become increasingly common, so too does the need for insurance protection. Many providers now offer coverage with a variety of associated options, requirements, and costs. Be sure to include your incident response team (see #1) and legal partners on your policy to minimize delays during a security incident.
For more facts on cybersecurity