Cyberattacks In Manufacturing — Advice On Being Proactive

Tim Francis, vice president and enterprise cyber lead at Travelers, talks about cyberattacks in manufacturing and what companies can do to protect themselves.

Q&A With Tim Francis, vice president and enterprise cyber lead, Travelers

Why are Manufacturers at Risk of Cyberattacks?

Manufacturers are at risk to a cyberattack for a variety of reasons. First, even if manufacturers don’t collect and store the same amount of personally identifiable information as a healthcare or financial services company might, they would still will have that type of information about their own employees and have a responsibility to keep it confidential. Further, when you factor in, not just current employees, but past employees, applicants, and perhaps in the information on all the beneficiary of those employees, those numbers can add up quickly. Lastly, any size company in any industry, may find that they are the victim of a cyber-extortion scheme, or a have their business operations impaired due to a DDOS attack, virus or other malware, that effects their computer systems. These types of attacks can be both disruptive and costly to deal with.

What Should These Organizations be Doing to Best Protect Themselves Against These Risks?

  1. There is no single fool-proof method that can guarantee a cyberattack won’t be successful, but there are some relatively simple steps that can go a long way towards lowering the odds of one occurring and lessening the impact if an attack does happen.
  2. Know your data. A company cannot fully know how much is at risk until they understand the nature and the amount of data they have.
  3. Create file back-ups, data back-ups and back-up bandwidth capabilities. This will help a company to retain its information in the event that extortion occurs.
  4. Train employees to recognize spear phishing. All employees should learn the importance of protecting the information they regularly handle to help reduce exposure to the business.
  5. Do background checks on employees. Background checking employees can help identify whether they have criminal pasts.
  6. Limit administrative capabilities for systems and social footprint. The less employees with access to sensitive information, the better.
  7. Ensure systems have appropriate firewall and antivirus technology. After the appropriate software is in place, evaluate the security settings on software, browser and email programs. In doing so, select system options that will meet your business needs without increasing risk.
  8. Have data breach prevention tools, including intrusion detection. Ensure employees are actually monitoring the detection tools. It is important to not only try to prevent a breach, but to make sure that if a breach occurs, the company is aware as soon as possible. Time is of the essence.
  9. Update security software patches in a timely manner. Regularly maintaining security protections on your operating system is vital to them being effective over time.
  10. Include DDoS security capabilities. It is important to have the ability to avoid or absorb attacks meant to overwhelm or degrade your systems.
  11. Put a plan in place to manage a data breach. If a breach occurs, there should be a clear protocol outlining which employees are part of the incident response team and their roles and responsibilities.

If an Event Should Occur, What do Manufacturers Need to Know to Recover as Quickly as Possible?

Thinking about how to respond to a cyber event after it happens is a poor strategy. Business owners need to consider cyberattacks just as they would any other risk — like fire, theft, or severe weather — and plan for it as part of their business continuity strategy.

A post-cyber incident response plan should consider a number of issues, including:

  • notifying customers
  • assessing the scope of the breach
  • handling legal policies and procedures to report the event
  • contacting your insurance agent and carrier, and managing communications

There also must be a clear protocol in place to identify which employees are managing each component of the plan.

If an event occurs and data is exposed, it is important to quickly ascertain how widespread the breach was and if systems are secure. Data should also be categorized to determine whether personal information was compromised, such as Social Security numbers, medical records or financial information. This will enable the company to accurately and quickly notify customers about what took place.

Companies should identify and utilize external resources to assist in managing a cyber-event. A “breach coach” or attorney experienced in security and privacy compliance issues can assist with this. The “breach coach” can also help gather facts surrounding the incident, such as when and where the breach occurred, man-hours spent recovering and estimates for the overall cost of remediation. These details are necessary to help re-secure a company’s data network, refine the internal and external communications plan and serve as evidence if the data breach results in a legal battle.

Responding to a breach and navigating the legal landscape in the aftermath of a cyberattack can be complex and requires specific expertise in the field of cyber and privacy law. Your cyber insurance carrier or agent should be able to connect your business with an experienced “breach coach” to help it recover from an event.

Once a company determines how, when and where the breach occurred, its IT staff should check to ensure that the data is secured with necessary patches or fixes. Systems should be tested and re-tested thoroughly to help identify process gaps and confirm that sensitive company and client data are secure.

How are Hackers Typically Infiltrating Manufacturing Organizations?

Cyberattacks can occur in many different ways. In fact, many data breaches are not actually “attacks” in the way we might normally think of the term. A lost laptop, an email sent to the wrong address or even a misplaced file folder of paper records can all result in personal and confidential data being compromised. These events can carry every bit of anxiety, cost and reputational harm for a company as those attacks carried out by more sophisticated hackers. Additionally a company may find that their systems have been compromised in order for hackers to gain access to one of that companies legitimate business partners. When that happens, long term relationships can sour, and vendors and suppliers may look elsewhere not to mention the potential legal costs that can be occur.