Many consider 2017 the "worst year ever” for data breaches and cyberattacks, largely due to the rise in ransomware. And IT experts predict it’s only going to get worse. According to the Online Trust Alliance (OTA), a non-profit that works to develop tools and best practices that enhance internet security, cyberattacks targeting manufacturers and others nearly doubled in volume from the previous year. The worst of the worst? WannaCry, which struck in May 2017, infecting approximately 300,000 computer systems, encrypting files and demanding a Bitcoin payment to decrypt them.
While large manufacturers may become victims due to their name and the news value, small and medium-sized manufacturers (SMMs) are vulnerable because they’re less likely to have strict security protocols in place, making them easy targets. According to studies by the Manufacturers Alliance for Productivity and Innovation and IBM, nearly 40% of surveyed manufacturing companies were affected by cyber incidents in the past 12 months, and 38% of those impacted indicated cyber breaches resulted in damages in excess of $1 million. Just ask Boeing. In mid-March of 2018, WannaCry reared its ugly head again, putting the aerospace industry on high alert. Concerns over whether vital airplane-production equipment could be taken down ran rampant, while SMMs serving Boeing wondered whether their facilities were at risk as well. Thankfully, the consequences of the attack were minimal, with Linda Mills, head of Boeing communications, reporting that the vulnerability was limited to only a few machines, and the deployment of software patches allowed for business to continue as usual.
There are other reasons manufacturers have a target on their back. For one, all manufacturing facilities are different, and there’s no one uniform cybersecurity policy that manufacturers can adopt across the board. In addition, many older facilities continue to use outdated legacy equipment, increasing their vulnerability. These factors and others even led to cybersecurity expert Roel Schouwenberg making the threat of cyberattacks the primary focus of his keynote address at the 2018 IndustryWeek Manufacturing & Technology Conference & Expo.
So what are some steps manufacturers can take to reduce the risk of a cyberattack?
1. Install Antivirus Software
To protect against viruses, spyware, and other malicious code, make sure all computers are equipped with antivirus software and anti-spyware. Software is available online from a variety of vendors, and most regularly provide patches and updates to correct vulnerabilities and improve functionality. Be sure to configure all software to install updates automatically.
2. Secure Your Networks
Safeguard your Internet connection by using a firewall. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. In addition, if you store sensitive information on servers or databases, be sure to encrypt it. If an employee can easily export sensitive data as an unencrypted file, that data is not secure.
3. Educate Employees
Employees can often be a manufacturers biggest vulnerability, so education is key. Make sure employees are aware of online threats and understand how to protect sensitive data; consider providing examples of what a suspicious email may look like, and who to report it to. A comprehensive course with a cybersecurity expert may be most beneficial.
4. Restrict Employee Access
Review employees’ roles and privileges regularly to be sure they are only able to view and access data that is necessary to their assigned job. This way, if an employee falls victim to an attack, the spread and scope of the attack will be minimized. With more and more employees working from home or remotely, restricted access is a necessity.
5. Use Strong Passwords
It may seem like a hassle having to use upper and lowercase letter, numbers, and special symbols, but it’s an easy way to prevent cyber threats. For extremely sensitive data, you might also consider implementing a two-step authentication system to gain entry.
6. Backup Critical Data
Regularly backup the data on all computers. If a breach occurs, you’ll want to recover your data quickly, and regular backups are the best way of doing this. Consider both onsite and offsite backups (you can utilize the cloud for this) to reduce downtime regardless of the severity of the breach. Backup data automatically if possible, or at least weekly.
7. Purchase Cyber Insurance
Cyber insurance can’t help you retrieve data, but if you’re dealing with sensitive customer information, such as social security numbers or credit card information, an insurance policy can cover your liability if a hacker steals or gains access to this data. A recent Industry Today story outlines the need, and the types of insurance available, to SMMs.
8. Consider a Partner Cloud Provider
If all this sounds daunting, you may consider moving to a Virtual Private Cloud (VPC) hosted by a reputable cloud provider. VPCs offering heightened security, compliance, and can even have significant cost benefits. A Disaster Recovery as a Service (DRaaS) provider or Security as a Service (SECaaS) can also help protect your data and your recovery time in the event of attack. Plus, many providers operate more as a partner, giving you access to IT experts 24/7.
It’s no longer enough to hope for the best. Today, manufacturers must plan for the worst. By increasing internal security protocols or considering an external vendors to monitor dangers for them, manufacturers can protect themselves and their customers from the ongoing threat of cyber attacks.