Manufacturers and Cybersecurity Experts – An Important Relationship
Cybersecurity has become a leading concern in the manufacturing industry, and for good reason. In 2021, well-known businesses experienced data breaches left and right. Between April and May alone, seven notable data breaches were reported by the media. These attacks happened to large, established companies that already had extensive cybersecurity protocols in place.
A common misconception in the manufacturing industry is that cyber-attacks only happen to well-known companies. This couldn’t be further from the truth. The manufacturing industry is one of the most targeted industries for cyber-attacks, and small businesses account for more than half of data breaches (58%). Cyber-attacks against small to mid-sized manufacturers typically go unreported, which creates a false sense of security. Without a large sample of these manufacturers reporting attacks, it’s easy to see why manufacturers might think that they’re safe from harm. However, this misleading mindset could be dangerous and harmful to manufacturers overall, as 60% of small businesses close within six months of an attack.
Another major concern is the hardware that manufacturers are using. Manufacturers very frequently use computers that are older or are no longer supported by the hardware manufacturers. This means that the computers won’t receive security patches or software updates, which can leave the systems at risk of a breach. Older machines running older versions of Windows, such as XP, Vista, or Windows 7, are vulnerable to forms of malware, which can easily exploit holes in security.
So, what can manufacturers do to protect themselves from cyber incidents? How do manufacturers identify what cybersecurity solutions are right for them? The first step manufacturers can take is understanding that the most prevalent risk targets their employees. If you think about it, it makes sense. These are individuals who have approved access to sensitive systems and data. Additionally, workloads and other distractions make them susceptible to making mistakes. Cyber criminals use this to their advantage by targeting organizations with a specific type of attack known as ransomware.
What is Ransomware?
Ransomware is unintentionally downloaded software that is designed to encrypt data on a system so that the user cannot access it. That encrypted data is then held behind a paywall and will remain there until a ransom is paid to release it. Ransomware is used by cyber-criminals to take control and pressure a company into paying a ransom to regain their data, sometimes with no guarantee of getting their money, or data, back.
Ransomware is a constantly changing form of malware that can sweep through an entire system, encrypting files and rendering them useless. This type of attack can get out of control quickly, and attackers can spread their attack and then encrypt all files at once, rather than just a small batch.
Before 2005, most targets of cyber-attacks were either servers or workstation computers. Most cybersecurity experts didn’t think it was possible to gain access to operational technology machines that connected manufacturing equipment. Eventually, malware designed to sabotage manufacturing equipment, called Stuxnet, managed to infect Iranian nuclear facilities and broke some uranium enrichment centrifuges.
After Stuxnet, strains of ransomware like NotPetya, WannaCry, CryptoLocker, and more targeted broader private audiences, but still went after larger businesses and manufacturing units, exposing manufacturers using out-of-date security protocols. These strains are widely known and each affected hundreds of thousands of systems, but smaller strains and smaller targets are still known to exist.
Who is at Risk of a Ransomware Attack?
Threat actors can target anyone with a computer that has an internet connection, and the risk increases based on specific factors. Cyber criminals tend to target certain types of systems: systems with important data, or systems with minimal or no network security. However, it’s very rare that these two types of systems are one and the same. There is usually a point-of-entry target, which would be the system with weak or no security, and the end goal, which would be the system with important data. The cyber criminals spend time identifying these two systems, and begin laying the groundwork for their attack.
Good examples of at-risk entities are government or law enforcement agencies, large businesses, healthcare systems, or other infrastructure entities like manufacturers in the supply chain. Essentially, cyber criminals will attack wherever the data is most valuable. If the data can be extorted and held for a monetary value, then there is a motive for ransomware attacks. Usually, a ransomware attack happens because of a monetary or political motive, but the threat actor is always trying to achieve something.
How Can a Device be Infected by Ransomware?
A device can become infected with ransomware in a variety of ways, but the most prevalent method of infection is phishing. Phishing is when a user is tricked into revealing sensitive information or performing a task. For the con to work, a user must believe in the authenticity of the request. Once a cyber-criminal has obtained the trust of a user, they can obtain that user’s credentials or convince the user to give the threat actor access.
Oftentimes, phishing occurs within an email inbox, or some other form of online communication. A message or communication containing a link to an external source will appear, and then that link will redirect the user to a webpage where they can enter their credentials to sign in. It may seem simple, but this strategy is effective, and cyber-criminals have improved at making these links look legitimate. Always be careful with messages containing links to external websites.
Other than phishing, infections can occur via external vulnerabilities and third-party vendors with weak security, but the most vulnerable aspect is almost always the human element. A user on the network who has not been properly trained in good cyber hygiene can easily leave the door to the whole system wide open. Easy ways to increase user security on a network are teaching users the risks and signs of phishing and requiring strong passwords. A weak user password could easily be guessed or brute-forced by threat actors, but a strong password dramatically increases a user’s security.
TechSolve Strives to Inform Manufacturers about Security Risks
Ransomware is one of many cybersecurity risks that can cripple a manufacturer’s processes. Without taking the proper precautions against ransomware, a threat actor could easily halt manufacturing functions. With the constantly changing technology, and the growing risks of cyber-attacks, manufacturers need access to expert information in order to make imperative business decisions. At TechSolve, our team of cyber experts specializes in data security, CMMC compliance, vulnerability scans, and more in order to minimize the risk of cyber-attacks.