More than $100 billion was spent on cybersecurity defense last year. But according to insurance broker AHT, no matter how intricately encrypted, firewalled, or otherwise secured a network may be, the chain is only as strong as its weakest link. In most cases, that weak link is human error – something that can’t be automated out of any system. Older software that isn’t frequently updated, or lax attitudes toward password control, are two common vulnerabilities that present hackers with areas of ingress.
Because of this, AHT partnered with Coalition, an insurer that specializes in cyber defense monitoring and insuring. The two collaborated to present on the current state of cybersecurity for food manufacturers today at ProFood Tech. [Editor’s note: While the presentation was geared toward food manufacturers, the information is also applicable to healthcare manufacturers and packagers.]
Ransomware was the primary topic of discussion. In this case, an attacker will gain access to a company’s network via malware, ‘phishing or spear phishing,’ or social engineering (someone logs in who is not who they say they are) types of attacks. The downside to cyberattacks for companies in many sectors is whatever extortion fee the attacker asks for.
But for manufacturers—those in the food and beverage industry as well as healthcare—the real issue is the downtime the attack may produce, the systems interruption on the plant floor and any recovery time that might be necessary. In most cases, the ransom fee may pale in comparison to this downtime. In fact, a Coalition spokesman said that half of companies involved in protracted recoveries from attacks go out of business.
And these types of manufacturers are increasingly in the crosshairs of attacks. In the earlier days of these types of cyber risks, hackers found it fun to challenge the Apple, Walmart or the CIA. But those companies got smart and became more difficult to penetrate. So now, the money for hackers in the low-hanging fruit. That can often be, save for a few large, global brands, the comparatively small- to medium-sized business that process and package food and beverages.
“They don’t care what kind of business you are,” Shea McNamara, Business Development at Coalition, says. “If they can extort and get money, that’s what they’re going to do.”
How can insurance help? AHT already is heavily involved in industrial insurance. The addition of Coalition provides even deeper cybersecurity experience in the manufacturing space around industrial control systems and any vulnerabilities there.
Coalition would inspect a potential customer’s network for vulnerabilities, then write an insurance policy based on what it finds. The company’s “government-caliber hacker team” would then employ ongoing monitoring for policy-holders, including dashboards, patch-management and threat monitoring apps, and more that act as a “24-hour smoke alarm.” The company says that unlike previous policies that may have appeared daunting, even threatening to a manufacturers IT department, this suite of tools and monitoring devices is usually welcomed as an additional IT toolkit.
“As typical standalone policy just won’t do it,” MacNamara says. “We act as a 911 phone call for policyholders. Cyber is immediate, so waiting three or more days for a claims event to be managed and triaged is too long.”