The manufacturing industry is constantly evolving.
Manufacturers are replacing their tried and true analog processes with more advanced technological solutions, including networking machinery with computers, using CAD/CAM data files, and integrating A.I. and other machine-learning software into their operations to stay competitive. With these technological advancements come increased efficiency, capabilities, and convenience. On the downside, however, they also bring a few new threats – cybersecurity being the most prominent.
With a new focus on innovation, an increased dependency on network-connected products, and technology changing at a rapid pace, the manufacturing industry is now extremely susceptible to cyber risk.
If you’re thinking that your manufacturing operation would never be the victim of a cybersecurity breach or attack where sensitive information is compromised, then you are mistaken. The truth is, even though you may not sell products or services online or have thousands of credit cards or customer data on file, you are still vulnerable to a cyber attack. The modern-day hacker is becoming increasingly sophisticated and strategic in their efforts, and it appears that manufacturers are at the top of the target list.
The Top Three Cyber Crimes That Are Currently Affecting Manufacturers
Of the thousands of cyber attacks that happen each year, data is still a primary focus for digital criminals. However, hackers have begun focusing their efforts on three additional crimes and manufacturers nationwide are in their sights.
- Interruption of Operations – In the past, when hackers could not find any personal data such as bank account numbers and credit card information to resell, they abandoned their attack. Now, with the aid of ransomware, savvy criminals are able to halt entire production lines, as well as seize networked computer systems and demand payment or ransom.
- Intellectual Property Theft – Hackers are now strategically going after one-of-a-kind property, including trademarks, copyrights, patents, and trade secrets because they know they can be sold for a premium on the black market.
- Direct Theft of Funds – Manufacturing companies, like many businesses today, work with a number of vendors, which is music to hackers’ ears. In as little as a few clicks of the mouse, these criminals can quickly create and send engineered e-mails to vendors requesting that they send all payments to an updated bank account that is not yours. They also have a record of moving entire company payrolls to offshore accounts before Human Resources has any idea that such a disruptive theft is taking place.
It should come as no surprise that Fred C. Church, your commercial insurance and risk management resource, recommends that you take several essential cybersecurity precautions to protect your manufacturing operation from this growing threat. In addition, we are using this blog to share some valuable information about protecting your business from a cyber attack now, and in the future.
Protect Your Manufacturing Business from Today’s Newest Cyber Threats
We recently became aware of an article on Entrepreneur.com, which discussed the three most significant security risks for all businesses to watch out for, and manufacturers are no exception. The main takeaway for us was that, as any company becomes more plugged into the digital world, it opens itself up to crimes that used to exist only in TV dramas or Sci-Fi movies. The following risks are some of the lesser known, but just as pervasive, threats to your organization:
Risk #1 – The Internet of Things (IoT) Leaks
What is the Internet of Things? In its most simplistic form, the IoT represents anything with an “On” or “Off” switch that is connected to the internet. For example, in your personal life, it may be your Smart TV, Amazon’s Alexa, the Nest, or any other smart home technology. Professionally, the automated machines in your production line, lights in the parking lot of your building that come on at dusk, alarm systems that you turn on when you lock up, and your HVAC system all represent a company’s participation in the IoT.
As companies invest in more technological advancements, they become more connected in real-time and increase their exposure to significant cybersecurity risks. And often, businesses are not prepared to defend themselves.
It may be hard to imagine, but criminals can use automated computer programs to find your business’ IoT devices and then work diligently to break into or connect to them using something as simple as the default login credentials. Unfortunately, it would appear that many users do not take the time to change the username or password that comes with the device, which makes this tactic an easy one for the attackers. Once these cybercriminals gain access, they can simply and quickly install malware, basically taking control of your entire system and allowing them to wreak havoc on your operation.
The easiest way to stay secure is to update your passwords immediately after installing any new programs. We recommend you create a secure password that includes upper and lowercase letters, numbers, and symbols. The more complicated the sequence, the harder it will be for a cybercriminal to hack into your systems. You should also never recycle passwords or use the same password on multiple systems. It is essential that you roll this procedure out company-wide, and train your employees to adopt password best practices. This should be followed by regular reminders and inspections to ensure that the recommended procedures are being utilized.
Risk #2 – Opaque Algorithms Can Leave You in The Dark
As manufacturing becomes more and more automated, and warehouse operations are being run by computers using advanced algorithms, companies are increasingly finding themselves ripe for cyber attack. However, it is not just manufacturers that are experiencing this dramatic shift; health and human services, engineering and, yes, even the insurance industry are all areas where you can find machines or bots running themselves with less human interaction than ever before. These high-functioning programs can be welcome game changers for any industry, but they can also reduce your ability to see how a system is performing and functioning. This lack of transparency opens the door to cybercriminals, who can break into a system and cause disruptions that are often not detected until after the damage is done.
These disruptions or interruptions to your normal daily operation can be just a small annoyance that is easily resolved, or they can turn into a major system failure that ultimately costs your company hundreds of thousands of dollars in losses along with massive reputational damage. The Information Security Forum (ISF) recommends you address this potential vulnerability in the following ways:
- Identify your company’s exposure to algorithm-controlled systems and determine when human involvement could potentially be a fail-safe option
- Update code maintenance policies
- Identify a variety of methods for managing algorithm-related incidents
- Develop robust business continuity and recovery plans to eliminate any downtime
Risk #3 – Security Researchers are Losing Their Voice
We all know the saying, “see something, say something”. Well, unfortunately, this is starting to apply less and less to cybersecurity professionals, which could end up having a really significant impact on businesses. It’s critical that these security researchers have a “voice” to share their knowledge when they identify a universal system vulnerability. However, a recent trend reported by the ISF noted that sometimes the government or private companies take legal action to block researchers from sharing security threats they have uncovered in particular software.
It should be pretty clear why these organizations are taking legal action against researchers – they would prefer to hide the flaws in their systems, rather than invest in fixing them. This is the common mindset even though these issues may be putting millions of businesses at risk for a disastrous cyber attack. This lack of transparency particularly exposes small to mid-sized business owners, like you, who buy into a system not realizing that there may be intrinsic security risks lurking in the background.
If you are in the market to upgrade any of your computer systems, whether in your plant, building or office, then the ISF recommends that you insist on transparency during the buying process, including the ability to review the manufacturer’s vulnerability disclosure policy and testing results. If a company is not willing to share these details with you, then it’s probably time to find another solution. Having a secure system you are confident with might cost you more upfront, but it could also save you hundreds of thousands of dollars in the long run by limiting your exposure to cyber attack.
As you can see, it is very important that manufacturers take these threats seriously and prioritize addressing any potential cyber vulnerabilities they may face as an organization. Taking the necessary precautions now, including partnering with an experienced team of risk management and insurance professionals, like Fred C. Church, is not only a smart use of your time but an effective way to safeguard your operation from potentially costly cyber attacks. In addition, you may want to consider speaking with a third-party cyber risk or IT consultant who can help you identify your specific vulnerabilities, as well as develop a personalized plan to address them. Fred C. Church recognizes the rising threat cybercriminals are posing to business owners, which is why we provide our commercial clients with exclusive access to a variety of cyber risk services. This initiative, combined with a well-structured cyber insurance solution for when significant risk events do take place, gives you a one-two punch in the ongoing fight against cybercrime.