Tuesday, May 29, 2018
Cybersecurity for Manufacturers: Know Thy Enemy!
Today’s manufacturers are becoming increasingly more reliant on utilizing technology, computers, and the internet to conduct their business. The Internet of Things (IoT) is revolutionizing the global manufacturing landscape, and many manufacturers are eager to leverage data from their operations to make better and more informed decisions. As manufacturing equipment, end products, and manufacturing companies become more interconnected, it is vital to understand why cybersecurity is so important.
Many small-to-medium sized manufacturers think they are simply too small to be a target for cybercriminals. That assumption couldn’t be further from the truth. According to a report from the U.S. Department for Homeland Security, manufacturing is the third highest industry with the most reported cyber-attacks, with the financial and healthcare sectors claiming the #1 and #2 spots, respectively. Research performed by the National Cyber Security Alliance revealed that more than 70% of cyber-attacks target small businesses. An IBM report indicated that the average business is attacked 46 times every day. Although most of these attacks do not succeed, it only takes one successful attack to cause major loss and damage to a company. As many as 60% of small and medium-sized businesses go out of business within six months of being hacked.
Cybercriminals (hackers) don’t care how big or small you are. What they care most about is how easily they can break into your network and systems. Cybercriminals use automated software called “bots” to scan the internet for vulnerable access points to company IT systems. Hackers try to “pick the lock” by trying commonly used and easily guessed passwords. Hackers send emails to company employees to entice them to click on a link that will download malware onto their computer so they can bypass company firewalls. Hackers are looking for the easy targets. Imagine if you were a criminal, would you rather break into Fort Knox, or break into a jewelry store with an unlocked back door?
Once hackers get into your systems, they are interested in anything of value from your business. Hackers will try to get confidential employee information, like social security numbers, birthdates, and addresses so they can perpetrate identify theft or sell the information on the dark web. Hackers will try to steal intellectual property like business records, design files, and manufacturing methods so they can sell the information to your global competitors. Hackers will also use ransomware attacks to try to lock you out of your own computers and extort you for money in order to regain access.
The risks to your company are real and the consequences are potentially devastating. Fortunately, there are basic steps that you can take to help mitigate the risk to your company:
- Make sure all computers on your network are updated with the latest patches to the operating system and software. These fixes help plug known holes that cybercriminals try to exploit to gain access.
- Train employees about cybersecurity best practices and educate them about how to recognize an attempted cyber-attack. Most successful hacking attempts involve human error, such as clicking on a malicious link in an email.
- Develop a contingency/recovery plan. You can minimize business disruption and downtime by routinely backing up data to a secure location and test out restoring the data. Unfortunately, many business skip testing out their data recovery process and find out too late that either their back-ups weren’t being done correctly or done at all.
- Restrict access to sensitive data by using administrative controls and passwords. Limit access to only the people who truly it can help prevent intellectual property from walking out the door.
- Adopt known cybersecurity best practices. The National Institute of Standards and Technology (NIST) has established a standard that defines security requirements across 14 categories. Federal agencies, such as the Department of Defense, have made compliance with this standard mandatory for companies handling controlled unclassified information.
Purdue MEP has helped numerous companies improve their cybersecurity readiness by conducting on-site cybersecurity assessments and providing useful information on how to minimize risk and vulnerabilities. Our cybersecurity experts are ready to help your company defend against the enemies lurking outside your firewalls. Click here to learn more or contact us at firstname.lastname@example.org.
Writer: Robert Goosen, 317-388-5128, email@example.com