Many manufacturers think they aren’t big enough to be targeted for cyberattacks. Their small size and low public profile may give them a false sense of security. As manufacturing operations become more digitized and cyberattacks more sophisticated, even the smallest firms are potentially vulnerable.
Manufacturing is now the most targeted industry for cyberattacks. It’s not just the big firms getting hit – small businesses account for over half of data breaches. What makes smaller manufacturers easy targets? Staying current with cyberthreats is especially hard for smaller firms that have a lot of other things to worry about. Small firms often put fewer resources into cybersecurity and neglect protecting their systems adequately. They may use older computers that don’t receive security patches or software updates – leaving the whole system more vulnerable to a breach.
One of the biggest cyberthreats to businesses today is ransomware. Ransomware is used by criminals to hold data hostage and demand payment. This constantly changing form of malware sweeps through an entire system, encrypting files and rendering them useless. Ransomware attacks can get out of control quickly. Attackers are growing bolder and using high-pressure tactics to get ransom payments.
Ransomware isn’t new, but the incidents are increasingly disruptive. You may not realize right away that your company’s computers are infected. Often the ransomware is downloaded unintentionally and sits on your system, siphoning information, before encryption is triggered. At that point, your firm’s data is held behind a paywall until you pay a ransom to release it – with no guarantee that you’ll get your data back even if you pay!
While firms used to be able to restore their data from backups, it’s often no longer that simple. With more sophisticated attacks and stealth operations, your backup files may be infected or destroyed before you even know you’re under a ransomware attack.
Breaches often result in privacy violations and public relations issues. If the hackers are from Russia or another sanctioned nation, you may violate laws by paying criminals ransom. You want to do everything you can to avoid this situation.
You trust your employees, but studies show they are a vulnerable point in every company’s information security. Create a “human firewall” as your first line of defense. Train your employees about cybersecurity from day one and update that training at least annually.
Make sure your employees are aware of threats, understand your information security policies, and know what they’re expected to do to protect your firm’s information and technology. Provide your employees with guidance on issues like:
Your best bet to prevent ransomware attacks is developing a cybersecurity plan that assumes you have vulnerabilities inside and outside of your networks and firewalls. Key elements of a good plan include:
The evolving ransomware landscape means your firm is at risk if you don’t take the threat seriously. To ramp up your defense against ransomware attacks, consider:
Your company benefits from periodically reviewing its operations and supply chain. Similarly, you should hit “refresh” periodically and take a careful look at the strength of your cybersecurity controls and protocols. You want to make sure you’re doing everything you can to prevent breaches, but are also prepared to respond to an attack if it happens. A cybersecurity review helps you identify vulnerabilities and make informed decisions.
Reducing your cybersecurity vulnerabilities makes your firm a more attractive supplier. Larger companies demand increased visibility in their supply chains. Many encourage or require companies in their supply chain to have cybersecurity measures in place. This helps ensure that the bigger firms’ systems don’t get hacked through their suppliers. It also creates trust that suppliers are reliable and reasonably safe from attack, reducing the likelihood of a supply chain disruption.
Think of it as preventive maintenance. The steps you take to improve your cybersecurity defenses will protect your various assets – equipment, intellectual property and sensitive information about your supply chain partners. Strong cybersecurity is good for your business, so now is a great time to get started. And it’s more vital than ever with increased digitization – you have more vulnerabilities and more to lose. The cost of a breach is likely much more than the cost of prevention.
No ransomware prevention plan is perfect, so update your cybersecurity plan at least annually. Your local MEP Center is here to help with expertise and access to a variety of cybersecurity tools and resources to meet your needs.
Steve Gillock is Cybersecurity Director at TechSolve, part of the Ohio Manufacturing Extension Partnership and the Manufacturing Extension Partnership National Network.
Joe Anderson is Senior Cybersecurity Analyst at TechSolve, part of the Ohio Manufacturing Extension Partnership and the Manufacturing Extension Partnership National Network.
Connect With Us