Manufacturers are under constant threat from cyberattacks year-round, whether they are aware of it or not. However, cybercriminals tend to increase malicious activity during the holidays. Why? The holidays come with an elevated amount of email and financial activity, all conveniently while people are out of the office or traveling. Inboxes become overloaded with holiday messaging and deals, and this quarter-end often marks the closing of the financial year for most manufacturers. For these reasons especially, the holiday season is a prime time for cybercriminals to set their sights on unsuspecting manufacturers.
Why target manufacturers?
Manufacturers are prime targets for cybercriminals because of their deep, connected network from customers to suppliers. Additionally, many manufacturers are small to mid-size businesses that outsource their IT services and do not have the in-house expertise to immediately respond to and combat a cyber incident.
While some manufacturing companies may need a more robust, mature cybersecurity program, every manufacturer should know the common types of cyber threats prevalent around the holidays and how to reduce the likelihood of falling victim to an attack.
Social Engineering and Pay Fraud
Social engineering uses deception to manipulate individuals into divulging private information or granting access that can then be used for fraudulent purposes. Social engineering can occur over a series of months or in a single email. Attacks can happen online or in person, but most commonly, social engineering involves email or other forms of communication that invoke urgency, fear, or similar emotions, luring the unsuspecting victim into exposing data, spreading malware infections, or giving access to restricted systems.
In 2017, Cincinnati Crane and Hoist, a manufacturer in Southwestern Ohio, fell victim to a phishing attack. The malicious actor used stolen credentials to pose as a Cincinnati Crane representative and redirect payments to a fraudulent account. As a result, Cincinnati Crane and Hoist suffered significant financial loss and reputational damage.
“It was hard for me to believe that a [manufacturing] company like us or our size would garner their attention. That it would be worth their time to come after somebody like us … but it is.” – Tony Strobel, President and CEO, Cincinnati Crane and Hoist
Hear more of Tony’s initial reaction to falling victim to a cyber-attack and how his company overcame the challenges of rebuilding afterward in the video below.
For manufacturers and other companies alike, phishing attacks are a constant threat. As one of the most common and widespread forms of social engineering, phishing starts with a malicious email disguised as a trustworthy one trying to gain sensitive information.
Phishing typically occurs in the form of a convincing email sent to employees and tries to trick recipients into giving away personal and company information such as names, addresses, email addresses, bank account numbers, credit card numbers, passwords and more.
While specific campaigns that target individuals are known as spear phishing, phishing attacks in general target a broad audience.
We’ve all seen the odd messages offering millions in inheritance or to claim a free prize so long as you provide your bank information ASAP, but phishing attacks today are alarmingly sophisticated. Emails that look like they are coming from authoritative and trustworthy sources like your email provider regarding unread messages, or confirmation of order details from a supplier, make the attack more difficult to spot. To help persuade recipients of their legitimacy, messages like these typically have branded letterheads and similar website and email domains.
A well-known form of cyber-attack is identity theft, and it typically involves a cybercriminal acquiring a form of personal information such as a social security number and misusing this information to open a line of credit or steal money. However, when it comes to the manufacturing industry, identity theft typically targets a company’s customer database. Once an employee’s or customer’s personally identifiable information (PII) is available, this information can be sold or used for a variety of financial purposes.
Spam and Malicious Software
Spam emails and their accompanying malicious software are an increasingly dangerous threat to manufacturers and, unfortunately, all too common. Similar to a phishing email, messages with malicious software contain links with malware. Once the recipient clicks on an infected link or opens a corrupted file, the malware installs on the user’s system and spreads through the entire company network.
The holidays are for traditions, not hackiversaries
This time last year, Midwest Filtration experienced a similar situation after an employee who opened a suspect attachment infected a machine. Despite several attempts to clean and restore the computer, Troy Mastern, the IT Manager for Midwest Filtration, knew there was a problem. The sinking feeling of an attack came when, within a matter of hours, other machines started experiencing similar errors. TechSolve helped Troy and Midwest Filtration pull together an action plan to remediate the problem. Troy recounts, “The best thing about this bad situation was working with TechSolve and knowing they handled similar situations to this before. Working with TechSolve and having a plan in place reassured me that it was a recoverable situation and we could move forward.” However, Troy and Midwest Filtration are among the lucky ones, as more than 60% of small to mid-size businesses that fall victim to cyberattacks close within six months of the incident.
Troy’s best advice to manufacturers who think they’re unlikely cyber targets is, “It’s not a matter of if, it’s a matter of when basically. It’s good to have a plan in place before something like this happens because there is going to be a lot of things you need to take care of, check on and address quickly to minimize damage.”
Protect Your Data With the Right Cybersecurity Strategy
Your holiday season doesn’t have to be a disaster if you take the proper measures to protect your data. Manufacturers who follow a strategy to protect their data are less likely to suffer a cyber-attack than those not taking a proactive approach.
TechSolve has developed an easy-to-implement Cyber Risk Mitigation Checklist that manufacturers can complete on their own, with their IT or MSP, or with seasoned cybersecurity professionals like TechSolve.