Most small businesses today are failing to proactively address the threat of cybercrime, and manufacturers are no exception. Last year, manufacturers were subject to some of the worst cyber-attacks in history. From WannaCry to Nyetya, criminals have discovered the manufacturing industry is ripe for cyberattacks, and manufacturers are learning the hard way that it’s time to update their IT security and policies.
Manufacturers are often the target of cyber-attacks because every facility is different in terms of IT infrastructure, systems used and data to protect. There’s no uniform practices that will secure every manufacturing plant in America overnight.
It’s also very difficult to modernize a large manufacturing facility. Many facilities use dated legacy equipment or industrial Internet of Things (IoT) equipment that were designed without security in mind. Other threats include gaps in IT and Operations Technology (OT) that create network vulnerabilities, along with a lack of documented training, processes and procedures that educate employees.
Simply put, most manufacturers are relying on technology built without today’s cyber threats in mind, and the rapidly changing security landscape has left many at risk.
Here’s what you need to know to prevent production from coming to a grinding halt.
Threats to Manufacturers
A single data breach can cost a manufacturer years’ worth of proprietary information and lead to a permanent loss of customer trust. Cyber security can no longer be thought of as a checklist for business owners to complete once. Today, the companies most hurt by cybercrimes are those who fail to adopt key security practices.
In a 2017 Cybersecurity report, Cisco found that 28% of manufacturing organizations reported an average 14% on lost revenue due to attacks in the past year.
The rift between legacy equipment and modern technology has created a security gap in many manufacturing facilities, exposing a wide-range of equipment that all require different protective measures. IoT devices were never designed to protect themselves from threats. Since robotic arms aren’t compatible with firewalls, cyberattacks have evolved to target these weaknesses, effectively make any facility a highly enticing payday for criminals.
Bad actors have also found that IoT devices are ripe for botnets that launch DDoS attacks in an attempt overwhelm and crash a network. 2016 saw the birth of the Mirai botnet, which targeted IoT devices like refrigerators and DVR devices to take down industry titans such as Netflix, Twitter and Reddit.
We’re in a new era of cybercrime where DDoS attacks can cause wide-reaching attacks that can cripple a business of any size. As manufacturers transition to a new era of cybersecurity, safeguards against these sorts of attacks are crucial.
Steps you can Take to Prevent Disaster:
It may seem like cybercrime evolves faster than a facility’s ability to keep up, but there are a variety of steps you can take to protect your business. For now, let’s establish a few key practices to get you started.
- Prioritize your business needs
Every industry varies in the type of data that is most important to protect. For manufacturers, it’s intellectual property (IP) and trade secrets such as chemical formulations, supply chain management or confidential company secrets. By securing your network and creating safe, encrypted storage for your IP, you’re protecting your patents and designs. Start by conducting an IT risk assessment to better understand where your most sensitive data lives and the current threats to your business, and then work backwards to determine how to best prevent a data breach.
- Establish company-wide cybersecurity policy
Employees are often the target of cybercrimes. Due to lacking cybersecurity education, they tend to cause data breaches unintentionally. By issuing company-wide cybersecurity measures, your policy can help prevent data breaches and establish a system for periodic testing to ensure employees are following best practices. Third-party audits can be helpful for conducting such audits.
- Set better passwords
Yes, the bane of many a computer-user. Passwords that are easily cracked cause more damage to small businesses than you’d expect. Experiment with passphrases, mixing characters, cases and words to strengthen your passwords. You’re also going to need different passwords for every log in. It can be a headache, so use a password manager to keep track of everything.
Beyond complex passwords, take every opportunity to apply two-factor authentication (2FA). The process only takes a couple of minutes to set up and can serve not only to secure your profiles from external use, but it can alert you to third party attempts to access your accounts and give you the opportunity to prevent an attack. Platforms like Google have their own 2FA tools that relay access codes to mobile devices and unique email addresses. Apps like Duo will allow you to set any log in to 2FA controls.
- On and off-site data backup
In the event of a breach, you will need to recover your data quickly. To do this, you should be prepared for the worst with both onsite and offsite backups. By having both, you’ll be positioned to recover your data with minimum downtime — regardless of how bad the breach.
For more best practices on how to create a safe, monitored environment for your business, download our Manufacturer’s Guide to Cybersecurity and implement additional tactics to keep your company safe.
If you’re ready to modernize your facility to preempt cyber-attacks and want to train your employees to recognize, asses and deter attacks, reach out to see how Switchfast can prepare you to best protect your organization.