By Wil Cox, Account Executive
Manufacturers of all sizes are at risk of crippling ransomware attacks and the consequences can be devastating.
These attacks involve the “virtual” theft of digital files. Hackers then demand a monetary ransom before the files are restored.
Attacks against small and mid-size manufacturers are rising at an alarming rate. At the Wisconsin Manufacturing Extension Partnership’s recent Manufacturing Matters! conference, leaders from four manufacturers who took part in a cybersecurity discussion stated that their companies had been targets of ransomware attacks and that money had to be paid out to have their systems returned.
One of those companies had been hacked twice. Another avoided paying money to the cyber attackers because it had an effective backup and rebuilt their system. The others had no choice but to pay the ransom.
Smaller manufacturers are being targeted because they usually haven’t invested much in the way of cybersecurity. Hackers often take advantage of this lack of security and take control of the systems, seeking $10,000, $20,000 or even more, in some cases as much as $50,000, from manufacturers to have their systems returned before moving on to the next target.
In most cases, money paid to hackers must be in the form of cybercurrency, such as bitcoins.
One manufacturer, after having its system hacked, struggled in gaining quick access to bitcoins. Now, as part of their cybersecurity contingency program, rather than focusing solely on prevention, they established a bitcoin account in case of another cyberattack that would require a ransom payment.
If manufacturers opt not to pay ransom, they must rebuild their systems and have a cybersecurity expert make sure it’s locked down before restoring it.
In the face of this threat, small and mid-size manufacturers need to take steps to keep their information technology systems safe, not only for their own benefit but also for those of their customers.
The Wisconsin Manufacturing Extension Partnership has developed services aimed at addressing cybersecurity issues.
Once a manufacturer expresses interest in cybersecurity, the WMEP meets with them and assesses their situation before immediately setting them up with a third party cyber security firm that has been vetted through the National Institute of Standards and Technology’s Manufacturing Extension Partnership network.
In a vast majority of cases, cybersecurity problems aren’t solely tied to the information technology system a manufacturer is using but the result of the actions of employees, who open emails that a unleash ransomware, or malware, attacks. It’s a people challenge rather than a technology challenge.
The internal training of employees and internal processes becomes very important. Not only do manufacturers need to test the information technology boundaries of their system but they must make sure that their employees understand the threats to the system.
If your system has been hacked, how do you recover from it? If you do have a fire how do you put it out when it is just a small flame and how do you recover from it quickly as opposed to having to rebuild your entire system. Better yet, what can you do to reduce the chances of a fire. It’s vitally important to continuously monitor your systems and identify potential new potential threats.
These are issues that the WMEP can help address.
Ignoring potential threats can be extremely costly.
Many manufacturers remain in denial but they must understand that an effective cybersecurity implementation will become a mandate is going to get teeth and they are not just going to be asked to address it, they are going to be told to improve their cybersecurity measures or lose business.
It’s almost certain that potential customers will begin inquiring about a manufacturer’s cybersecurity system as part of their own risk mitigation or management.
After all, who would want to deal with a supplier that doesn’t have an effective cybersecurity system, much in the same way customers demand that manufacturers have effective quality systems in place?
Wil Cox is an account executive at the Wisconsin Manufacturing Extension Partnership and is a member of the NIST MEP Cybersecurity Working Group and the NIST MEP Cybersecurity Steering Committee.