According to a new report from PMMI Business Intelligence, internal actions by a company’s own employees – whether intentional or accidental – are often either the direct cause, or play a large role in determining the success, of an attempted attack.
Careless and/or uninformed staff played a role in 46% of all cyberattacks that occurred in 2019, according to a study conducted by Kaspersky, and 11% of the most serious and damaging of all cyberattacks involved some kind of employee carelessness.
Connected devices have become invaluable tools for manufacturers, but they also represent potential cybersecurity vulnerabilities that can be exploited by cybercriminals. One of the largest internal threats to manufacturers’ cybersecurity are mobile devices among employees and contractors that can connect to a network - from tablets and smart devices like augmented reality glasses, to wi-fi enabled diagnostic tools and even cellphones.
As remote working has become more commonplace due to the pandemic, manufacturers have had to set up remote working options for a larger number of employees, creating a challenge for manufacturers trying to improve their cybersecurity defenses. Some smaller businesses do not have the resources to provide work devices to every remote employee, resulting in the use of personal devices to access company networks. Many of these devices are much less secure than company-provided devices, and the more employees signing in remotely to secure servers, the harder it is to limit access, monitor activity, and keep networks secure, from outside intrusion. An analysis by IBM found that the expansion of remote working in response to COVID-19 has increased the cost of a cyberbreach by an average of $137,000.
“Our greatest security concern is the lack of awareness by our employees, and the risk is higher with remote workers; training hasn’t seemed to work,” said an Automation Engineer of Household Products.
What can be done to prevent cyberattacks, or data breaches? Here are steps companies can implement immediately with employees:
- Regularly train employees on identifying phishing emails
- Connect remote workers with a secure VPN
- Implement multi-level password authentication
- Document “what to watch for” for employees
- Establish clear reporting guidelines for suspicious activity
Carrying insurance in the event of a cyberattack has also become a common practice for manufacturers. A good insurance plan should include:
- Data breach coverage: legal/ forensic consulting costs, ransom/reward payment, public relations costs, lost income from online portals (assuming they are down).
- Manufacturers’ errors and omissions coverage: lawsuits and consequences (fines/penalties) from lost services and/or missing/non-functional products.
- Cloud computing service interruption coverage: costs of data repair restoration, data research, and lost business/other expenses when a cloud provider has an outage.
- Data restoration coverage: coverage for data loss due to service disruption such as loss of electricity.
- E-commerce coverage: cost of damage caused to hardware, software, and data.
And finally, remain vigilant. Cybersecurity is an ongoing challenge that must be supported and adhered to universally across an organization to eliminate gaps in the defense, though it is nearly impossible to maintain vigilance at all times among all employees.
Opening a bad link in an email, downloading a bad attachment, or even bad password practices such as repeating or sharing passwords, can all be innocent mistakes made by employees. But, it is imperative that manufacturers keep employees properly trained and aware of cybersecurity threats, especially considering that the rate of malware attacks has been growing by 58% year over year.
Said one snack food engineering/automation group, “Our IT department sends out test emails to our employees to ensure they are on top of recognizing phishing or malware emails and if too many are opened, then additional training is scheduled.”
Cybercriminals have been targeting the manufacturing industry with ransomware more directly in recent years. Ransomware attacks target the software systems at an operation and lock out access to networks and even physical processes until a ransom is paid to the attackers. For manufacturers, ransomware attacks often result in the complete cessation of operations until the demand is resolved. In Q1 2020, ransomware attacks against manufacturers increased 156%, while ransomware attacks against all industries combined increased by only 25% over the same time period. These attacks are also becoming more costly: the average payment increased by 33% in 2020, with annual ransomware damages predicted to rise to $20 billion globally across all industries in the coming year.
Beyond ransomware attacks, common types of cyberattacks targeting manufacturing include:
- Phishing (and more targeted spear phishing): emails posing as legitimate, prompting action.
- Spam: clogging systems up with messages, preventing work.
- IP theft: stealing intellectual property from networks/servers.
- Compromised webpages: HTTP-based malware through infected website links.
- Trojan or Wrapper: malware that enters by masquerading as a trusted program/provider.
- Supply chain: attacks that enter through a networked third party in the supply chain.
- DDoS (Distributed-Denial-of-Service) Attack: A coordinated IT attack, often crashing websites, locking out email, and even compromising IIoT devices.
And finally, one other threat that must be considered and that is internal malicious intent – about 30% of all cyber events in 2019 involved employees maliciously working against their employers to damage a company’s cyber infrastructure or steal valuable intellectual property. Also, a Kaspersky survey found that 40% of companies reported at least one case of employees intentionally hiding cybersecurity incidents after they had occurred. One example from the report: After being fired in 2020, a VP at a medical equipment packaging company continued to secretly access the company’s networks with a fake login he had created while still an employee. Through this access he was able to create secondary logins that enabled him to edit 115,000 records and delete 2,300 entries. While the intrusion was caught fairly quickly, it resulted in significant disruption of operations that took the company months to fully resolve.
Download this FREE report below.
Source: PMMI Business Intelligence, “2021 Cybersecurity: Assess Your Risk”
