Manufacturing Is Not Immune To Cybersecurity Threats
The high-profile cybersecurity breaches that make headlines tend to involve retailers and financial services. Manufacturers may think they won’t be targeted.
A 2018 IBM-sponsored study by the Ponemon Institute examined 17 industries in terms of cybersecurity threats. Manufacturing made the top three most-impacted sectors, along with the financial and service industries.
Once possible cause: manufacturers often put fewer resources into information security, making them a popular target for cyber criminals.
An article on Manufacturing.net goes into some detail. Why the Manufacturing Sector Finds Cybersecurity Challenging, by Robert Hannigan, points out that major 2017 ransomware attacks—Wannacry and NotPetya—caused catastrophic business interruption to major manufacturers like Reckitt Benckiser in Europe and Mondelez in the U.S. Merck pharmaceuticals cited a $260 million loss in sales for 2017, and projected additional losses of $200 million for 2018.
These attacks demonstrated the ugly truth that
Even if a company is not specifically targeted by cyber criminals it may well be caught by attacks on others, as cyber ‘collateral damage.’ No one thinks that manufacturers were targeted by either Wannacry or NotPetya, but that was no consolation to those unable to do business when this malware spread indiscriminately.
The National Institute of Standards and Technology (NIST), has developed a five-step framework for cybersecurity. This protocol, available online, can be implemented by a business of any size. Check out the NIST Cybersecurity Framework for details.
Got questions? Consult your local representative of the MEP National Network. The MEP (Manufacturing Extension Partnership) has centers in all 50 states and Puerto Rico.
Industry Week published a useful article, How to Identify Your Company’s Cybersecurity Risks by Traci Spencer, detailing the first of the five steps: Identifying your risks. Here’s a brief summary:
Control Who Has Access to Your Information
Keep a list of employees with computer access. Include all business accounts, the type of access (physical or passwords). Physically secure all laptops and mobile devices when not in use. Do not allow physical access to computers or systems by unauthorized personnel, such as cleaning crews, maintenance personnel, and unsupervised computer repair personnel.
Conduct Background & Security Checks for All Employees
Conduct full nationwide searches on all prospective employees or others who will access your computers and systems.
Require Individual User Accounts for Each Employee
Individual accounts are essential to investigate data loss or unauthorized data manipulation. Limit the number of employees who have administrative access.
Create Cybersecurity Policies & Procedures
Rely on the useful tips from the MEP National Network to get started. Consult with a legal professional familiar with cyber law to review your policies. Include your expectations relating to how your employees will protect company information; clarity on which essential resources must be protected; a signed agreement from each employee to confirm they’ve read the policy and understand it.
Proactive Prevention is Crucial to Avert Cyber Attacks
As we approach an election year, destabilizing cyber attacks are sure to be on the horizon. As Hannigan states in his article,
The increasingly aggressive and irresponsible behavior of nation states online posed a new threat to new sectors. Hostile states might well have reason to disrupt energy, utilities or manufacturing as part of a political campaign against the West. The old assumption that cyberattacks were only about making money, and therefore less of a threat to manufacturing, was shown to be mistaken.
Make sure your manufacturing company isn’t part of the collateral damage of these dangerous cyber-shenanigans. Advance prevention could prevent costly production interruptions, information breaches, fines, and legal fees.