A group of cybercriminals launched a successful ransomware attack earlier this month against Colonial Pipeline, the largest refined product pipeline in the United States, with annual revenues of $ 15 billion.
Another multimillion-dollar company, Molson Coors Beverage Co., was targeted earlier this year in a cyber attack that disrupted brewing operations, production and shipments.
How can a small and medium-sized manufacturer defend itself against a criminal enterprise with the ability to disrupt the largest companies in the country?
The truth is that any business, large or small, can be the target of a cyberattack. Larger companies with more complex networks may in fact be more exposed, and they carry the added appeal of a six- or seven-figure payout if the attack succeeds, cybersecurity experts say.
“It’s not a losing battle for smaller businesses,” said Kevin Bong, senior manager of Sikich’s technology division and penetration testing leader.
Small manufacturers often have simple, straightforward networks, which offer many opportunities to defend themselves and recover from attacks.
“If you make the effort to do the basics and do a vulnerability assessment, you really put yourself in a good security position,” Bong said. “You don’t have the complexity of these big organizations where a small gap will allow someone to get in.”
Attackers have found that the manufacturing industry does not have the security posture of heavily audited industries such as banking and healthcare, which has led to a rise in cyber extortion against manufacturers of all sizes, Bong said.
In fact, more than 50% of manufacturing companies experienced two or more information security events during 2020, according to a Sikich survey conducted in March of more than 125 manufacturing and distribution executives. Of the cybersecurity incidents reported by executives, 81% were email phishing scams, 42% were unemployment frauds and 9% were ransomware events.
Organizations such as Microsoft and the National Institute of Standards and Technology are pushing companies to take a more holistic approach to cybersecurity. Firewalls and antivirus software are excellent, but companies need to develop management and structure around cybersecurity, said Todd Streicher, vice president of CyberNINES, a cybersecurity services company.
More than 5,000 Wisconsin manufacturing companies have contracts with the U.S. Department of Defense, which means they must comply with the cybersecurity frameworks developed by NIST. These frameworks help companies assess and improve their ability to prevent, detect, and respond to cyberattacks.
What is the process when an employee leaves the company? When should a company turn off network access and an employee account?
“All of these things are identified through this framework,” Streicher said. “It’s not just about launching technology. It’s looking at things in a completely holistic way.”
Companies without DOD contracts are adopting NIST framework strategies because it is the gold standard and provides a business with a competitive advantage, Streicher said. In fact, some companies will give potential partners a security questionnaire to assess whether this relationship would pose a risk to their own organization.
“From a business maturity perspective, you have to struggle with these things to position yourself in a better position,” Streicher said.
NIST frameworks promote practices such as quarterly vulnerability assessments, in which a third-party organization scans a company’s information systems for known weaknesses, such as unpatched software and exposed services.
Other best practices include multi-factor authentication, especially for employees who remotely access a company’s servers and for passwords associated with backup files.
If an attacker obtains the credentials that protect the backups, they can delete the backups and then encrypt the production data, leaving the company with no recovery path and little choice but to pay the ransom.
“All manufacturers should stop what they’re doing and ask their IT manager, ‘Can someone who has stolen our password delete our backups?’” Bong said.
If the answer is “yes”, those backups must be stored offline or placed in cloud storage that requires multifactor authentication to alter or delete them.
Modern cybersecurity firms are replacing eight-character passwords with passphrases such as “basic battery horse 27”, which are simple enough for a human to remember but much harder for an attacker to guess or for a computer to crack, because of their length and unpredictability, Bong said.
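The arithmetic behind that passphrase advice, as an added illustration that is not part of the article and not Sikich’s own tooling. It assumes a diceware-style list of 7,776 words (the small word list below is a constructed stand-in) and compares the guess space of a random eight-character password with that of a random four- and five-word passphrase, which shows where the real gain comes from: each extra word adds about 13 bits, and a randomly chosen passphrase beats human-chosen patterns, not necessarily a truly random eight-character string.

```python
import math
import secrets

# Constructed stand-in for a real diceware-style word list. The entropy
# figures use the real list size; only the generator samples from this list.
SAMPLE_WORDS = ["basic", "battery", "horse", "staple", "copper",
                "window", "river", "tunnel"]
DICEWARE_LIST_SIZE = 7776   # 6^5 words in a standard diceware list
PRINTABLE_ASCII = 95        # symbols available to a random 8-character password


def entropy_bits(choices_per_position: int, positions: int) -> float:
    """Bits of entropy for `positions` independent, uniformly random choices."""
    return positions * math.log2(choices_per_position)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time, in years, to try every candidate at a given guess rate."""
    seconds = 2 ** bits / guesses_per_second
    return seconds / (365 * 24 * 3600)


def generate_passphrase(words, n_words: int = 4, add_number: bool = True) -> str:
    """Random passphrase in the '<word> <word> <word> <word> <nn>' style.

    Uses `secrets` rather than `random` so the words are chosen with a
    cryptographically secure generator; the trailing number adds ~6.6 bits.
    """
    parts = [secrets.choice(words) for _ in range(n_words)]
    if add_number:
        parts.append(str(secrets.randbelow(100)))
    return " ".join(parts)


def comparison_table() -> dict:
    """Entropy (bits) of the candidate schemes, rounded to one decimal."""
    return {
        "8 random printable characters": round(entropy_bits(PRINTABLE_ASCII, 8), 1),
        "4 diceware words":              round(entropy_bits(DICEWARE_LIST_SIZE, 4), 1),
        "4 diceware words + 2 digits":   round(entropy_bits(DICEWARE_LIST_SIZE, 4)
                                               + entropy_bits(100, 1), 1),
        "5 diceware words":              round(entropy_bits(DICEWARE_LIST_SIZE, 5), 1),
    }


if __name__ == "__main__":
    # Hypothetical offline cracking rate for a fast hash; adjust for your hash.
    rate = 1e10
    for scheme, bits in comparison_table().items():
        print(f"{scheme:32s} {bits:5.1f} bits  "
              f"~{years_to_exhaust(bits, rate):.1e} years at {rate:.0e} guesses/s")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
```

Note that four random diceware words (about 51.7 bits) are roughly on par with eight truly random printable characters (about 52.6 bits); the advantage of the passphrase is that people can actually remember a random one, whereas eight-character passwords chosen by humans are far from random and fall to wordlist and rule-based cracking long before the full space is searched. Five words, or four words plus a number as in the article’s example, pull clearly ahead.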
Manufacturers are also buying cybersecurity insurance, which can cover a ransom payment and other costs associated with an attack, including legal counsel and the resources needed to recover lost data.
Steps to strengthen cybersecurity
- Use passphrases instead of eight-character passwords.
- Ensure that remote access by employees requires multifactor authentication.
- Update your antivirus software and firewalls regularly.
- Develop cybersecurity practices at the company-wide or department-specific level and a management structure that employees can follow.
- Understand what is covered in a cybersecurity insurance policy.