By: Jeff Fucito and Brandon Smith
How do you feel about shutting down operations while you pay hackers a ransom to (hopefully) release control of your manufacturing company’s computer systems and smart production devices? If that sounds like the worst idea, cybersecurity needs to be a high priority for your business. From ransom demands to the loss of crucial intellectual property, hackers are creating huge headaches for small and mid-sized manufacturers in every state.
An attractive target
Manufacturers often believe that hackers are looking for bigger or more tech-focused targets, but that’s a misconception. Cybercriminals have figured out that manufacturing businesses make ideal targets, and they’re looking for a way in. That’s not always hard to find, either —which is part of what makes manufacturers so attractive to hackers.
With their complex network of vendors, logistics teams, distributors, retailers and others who play a part in the production chain, these businesses tend to have multiple systems that provide numerous entry points for an enterprising hacker to exploit. And since these systems are often linked between many companies, criminals may be able to work their way through to attack numerous businesses once they’ve gotten into a single system.
The smart devices that help make Industry 4.0 so efficient also carry cyber risks for manufacturers. Those internet-enabled devices on a modern production facility’s shop floor allow managers to monitor and control operations remotely; unfortunately, they offer the same ability to hackers in the event of a security breach.
What they want
Manufacturers don’t typically hold vast amounts of credit card data or other sensitive financial data from customers, so what are these digital troublemakers looking for?
Easy money, for one thing. Disrupting the company’s computer systems and manufacturing line, then holding data and system control hostage until their demands for ransom are met (usually in digital payments like bitcoin) is a favorite tactic. Of course, there’s no guarantee that victims will actually regain their data in a usable form if they do pay up — or that they’ll get anything at all in exchange for the ransom.
Cybercriminals also seek private business information about the company or affiliated businesses (like those with which its systems are interlinked). This can include contracts, customer lists, bidding information, business plans, manufacturing processes and more.
Intellectual property that can fetch a high price on the black market is another popular target for hackers. From patents, designs and R&D to proprietary software, most manufacturing firms hold a surprising amount of valuable IP that can reward those who know how to sell it illegally.
Risk mitigation strategies
Prevention the best way to limit the risks to your business. Investing time and resources in these important strategies may seem like a hassle, but it’s well worth the effort — and far less costly and disruptive than the consequences of a successful hacking attempt.
- Educate team members – Human error allows most cyberattacks to succeed. It’s critical to establish a clear security protocol. But your policy only works when every single team member understands and follows it consistently, so training and enforcement are key.
- Identify vulnerabilities – Spotting weak points in your own systems can be challenging, especially when multiple systems are involved. Engaging professional help to identify and remedy any vulnerabilities is usually the most effective and cost-efficient approach.
- Monitor systems – Would you be able to recognize a system breach in the absence of a dramatic event? Often, the warning signs of trouble are overlooked. Qualified professionals should closely monitor the company’s internet-enabled tools and systems at all times, whether that’s an in-house cybersecurity team or outsourced experts.
- Plan for the worst – Though you hope you’ll never need it, it’s important to formulate a clear and detailed disaster response plan with provisions to ensure business continuity. Have usable backups, know who to call and spell out exactly what each person should do in the event of a cyberattack — or a disaster of any kind.
The threat that hackers can pose to your manufacturing business is real and ignoring it won’t solve the problem. Completely eliminating cybersecurity risk is impossible, but focusing on prevention can reduce the potential for a successful cyberattack and limit the harm it could cause. Reach out to the cybersecurity advisors at Mauldin & Jenkins to learn how we can help you protect your business.