7 ways manufacturers can reduce risk of a cyber attack


4 minutes read time

June 26, 2017
With the manufacturing industry one of the most vulnerable to cyber attacks, here are 7 ways you can improve your organization’s security measures.

According to an IBM Security study, the Manufacturing sector had 40% more “security incidents” than the average across all industries. Manufacturing was the third most attacked sector in 2016.

Why? What are attackers looking to gain from manufacturers? Cash, personally identifiable information, intellectual property, or internal operational information. These are highly valuable to criminals and traders of company secrets.

With the rise of ransomware-as-a-service (RaaS), such attacks are gaining momentum and manufacturers are increasingly vulnerable.

Ransomware is the latest buzzword in cybersecurity. Using this kind of malware, attackers pierce your company’s system or database and encrypt the data, effectively holding it ransom, asking for money in exchange for ‘release’.

Just last month, ransomware wreaked havoc on the UK’s National Health Service (NHS), FedEx and Telefónica (among many others).

An accidental hero emerged – a 22-year-old cybersecurity researcher stumbled upon a clumsy ‘kill switch’ within the ransomware. The kill switch was simply an unregistered domain name, which the researcher bought making it live, shutting down the malicious software.

The domain name cost MalwareTech just $10.69, yet the researcher potentially saved companies and governmental organizations billions of dollars.

But that’s one of the rare ‘success’ stories.

Back in 2015, an employee at a small US-based concrete manufacturing company unknowingly clicked an email attachment triggering a ransomware called Cryptowall.

Over the day, the ransomware silently crept through the company’s network and encrypted accounting data. The attack wasn’t evident until the next day and it halted production for 2 days.

At a loss, the company paid the ransom, but the data was never fully recovered. Sadly, the company didn’t have up-to-date backups so much of that data was lost forever.

The company had suffered a major production blow (over a week of downtime) and couldn’t meet contract delivery deadlines, which resulted in a massive financial loss.

How To Protect Your Data

Here are some measures you can take to protect your data and reduce the risk a cyber attack:

1. Raise awareness around cybersecurity with staff
This may be a comprehensive course with a cybersecurity expert, or perhaps a list of “red flags” and “no-gos”. For example, you could provide examples of what a suspicious email might look like.

2. Have a process for quickly reporting any irregular activity
If staff spot a suspicious email, who do they report it to? There is no point in creating awareness around cybersecurity if staff don’t know the next steps.

3. Cybersecurity and physical security are not mutually exclusive
When raising awareness, don’t forget to talk about physical security. Cyber attacks can be as simple as plugging in an innocent-looking (but malware-ridden) USB memory stick found in the company carpark.

4. Have restricted access for each user role
Employees should only be able to view and access data or functionality that is necessary to their job. If an employee falls victim to an attack, this will help prevent the spread and scope of the attack minimising the damage. Review user roles and privileges on a regular basis.

5. Implement a company password policy
Whether you choose to regularly change passwords or employ a 2-step verification system, it’s important to have some measure of password security. Ensure each password is strong and unique. A strong password will comprise at least six characters and have a combination of letters, cases, numbers and symbols.

6. Encrypt data
If your company stores sensitive information on servers or databases, it should be encrypted. Review how your employees use sensitive data regularly. For example, does your Marketing team export personally identifiable information for upload into third party advertising systems? If your employees can easily export sensitive data as unencrypted CSV or XLS files, that data is not secure.

7. If all else fails, have a Cyber Insurance policy!
In the event of a serious cybersecurity incident, you may not be able to retrieve your data or reverse the effects. However, if you have a comprehensive cyber insurance policy you should at least be able to cover your losses.

Try WhosOnLocation free

If you’re looking for an employee, contractor and visitor management solution to make your process easier and more secure, consider using WhosOnLocation.

Manage visitors, contractors, employees and evacuations all within one easy to use application: WhosOnLocation works across businesses of all sizes including manufacturing, corporate, utilities, construction and ICT. Start your free 30-day trial here.