Manufacturers cannot afford to put cybersecurity issues on the back burner. Just because manufacturers may not sell directly to consumers, it does not mean that they are not at risk. Sometimes manufacturers are impacted when their customers or vendors get hit by a cyberattack. And while news media gives play to data breaches that occur at large retailers or financial institutions, manufacturers are becoming a more common target. Let us identify the reasons why and what you can do to get ahead of cybercriminals.
Exposing vulnerabilities
Cybercriminals may target manufacturers because, in many cases, they are more vulnerable than other types of businesses. For one thing, the manufacturing supply chain is complex, with an intricate network of suppliers, logistics firms, distributors, retailers and others, that are often connected by the Internet. Members may have access to each other’s systems, so a vulnerability in one link of the supply chain can expose the entire chain to cyber risks.
Also, as the digital revolution continues, manufacturers increasingly rely on Internet-connected devices on the shop floor that can be monitored and operated remotely. At the same time, the manufacturing industry has been slower than other industries to upgrade their IT infrastructures and develop robust security practices designed to prevent, detect and mitigate cybercrime.
Related Read: The Future of the Supply Chain Is Digital
Hacking the system
Manufacturers’ systems generally do not store customers’ credit card numbers and other sensitive data that criminals can use to perpetrate identity theft and similar crimes. Instead, cyberattacks against manufacturers are designed to disrupt operations and extort money.
For example, a hacker that gains access to Internet-connected devices could shut down operations or cause you to produce defective products. The criminal could also introduce ransomware into a manufacturer’s systems, blocking access until a ransom is paid.
Another technique is to steal valuable intellectual property stored on a manufacturer’s system and sell it on the black market. Examples include patents, designs, manufacturing processes, research and development documents, customer lists, contracts, bidding information, business plans, marketing plans and proprietary software.
Manufacturers are also not immune to ordinary fraud. For example, a cybercriminal may send a phony email from an actual vendor, updating its payment information and asking the manufacturer to send all future payments to a bank account the criminal controls.
Working remotely, a part of our current environment, can also increase the opportunity for hackers to gain access to your system through other connections that may not be as secure as when employees are working in the office. Make sure that your IT department has a strong policy in place and guidelines set up for your team to follow.
Minimizing risks
To avoid potentially devastating cyberattacks, it is a good idea to conduct a risk assessment to take inventory of your hardware, software and data and identify any vulnerabilities. It is critical to examine all the ways employees, vendors and other partners can access your network. Then, implement policies, procedures and controls designed to prevent unauthorized access.
Equally important is an incident response plan to mitigate the damages in the event of a breach. Finally, have a solid backup plan that enables you to resume operations if a hacker destroys or blocks access to data. Remember to make sure that the backup program is tested; just having one in place does not guarantee it will work when you need it.
Adding cyber insurance
One way to protect your business is with cyber insurance. General liability policies typically exclude cyber claims. Insurance carriers are limiting coverage to specific ransomware claims, excluding coverage for specific known vulnerabilities and requiring applicants to provide more details about their data security control efforts before extending coverage, according to the 2022 Cyber Insurance Market Conditions Report published by insurance consulting firm Gallagher US.
Manufacturers should add cyber insurance; it should be part of the company’s technology cost today and should be part of its risk prevention program. After all, in today’s digital world, cyberattack claims may be as likely — or even more likely — than fire, tornado or other natural disaster claims.
Educating your team
Ransomware and malware take advantage of sloppy security. To avoid falling prey to a cyberattack, educate your staff on cybersecurity best practices and potential vulnerabilities. Every employee is a link in your cybersecurity chain. Many technology programs are available that help educate employees and allows the company to track who has and has not viewed each training session. The training should be continuous throughout the year, not just a reminder email once a year sent by the IT department. Ignoring the risks is not an option in today’s interconnected marketplace.
Related Read: Why Manufacturers Cannot Afford to Ignore Cybersecurity
For more information, contact Mark Thomson or your ORBA advisor at 312.670.7444. Visit ORBA.com to learn more about our Manufacturing & Distribution Group.