What is the biggest cybersecurity threat to manufacturers today? It’s ransomware, according to the experts who spoke at a recent NAM webinar.
What they’re saying: “Ransomware … has really become the biggest threat to a lot of organizations,” said ABB Global Cyber Security Manager of Power Generation Jim Lemanowicz during the “The State of Cybersecurity,” a webinar hosted by the NAM’s Leading Edge program. Ransomware is malicious software that encrypts a victim’s data until a ransom is paid to the attacker.
- “It’s not intended to necessarily attack the industry” it’s victimizing, he continued. “It’s purely a financial incentive, and it’s indiscriminate.”
No more small-time hits: Up until recently, one-time hacks into computer systems were more the norm among hackers seeking an illegal payday. “One thing that’s drastically changed is, now [cybercriminals] recognize that massive operational outages are the way to go,” said eSentire Vice President and Industry Security Strategist Mark Sangster. “And they can elicit seven-figure payments. It’s been professionalized. You can hire a freelancer.”
Assess your risks: What does all this mean for manufacturers? Assessment is key, said Lemanowicz.
- “Address the risk based on the criticality of the system—you know, what’s going to really cause you to have something that you can’t recover from, something that’s going to be a lasting problem,” he said. “Some systems you may be able to take offline” or use once a week or once a month.
- In cases where the isolation of a device would wreak operational havoc on your business, consider building redundancies into the system to isolate the devices effectively in the event of a breach. “Controlled access points between systems [mean] a ‘cascading effect’ is less likely,” Lemanowicz continued.
The way in: As the saying goes, an ounce of prevention is worth a pound of cure. Beware of often legitimate-looking spear-phishing attacks, which will appear to come from someone you or your employees know.
- Today’s cybercriminals “have lists,” Lemanowicz said. “They map out the different industries. They have an understanding of who’s involved in what levels in that organization.”
What else can you do? The panel experts had some additional tips for manufacturers looking to keep their systems free of cybercriminals.
- Use multifactor authentication.
- Use a virtual private network (VPN).
- Train all team members—including the C-suite—on good “digital hygiene” practices.
- Regularly update all systems.
The last look: One of the best ways to view cyberattacks is by “using a cooking analogy,” Sangster said. “People think of state-sponsored actors and criminal gangs as being highly sophisticated, [but] what they don’t necessarily understand is that the ingredients they might use aren’t sophisticated. It’s salt, and it’s pepper, and it’s chicken. But it’s how they combine those” that can make a situation dangerous to companies.
- The top way to avoid falling victim to these “recipes”? Said Sangster: “Having the basic [digital] hygiene in place.”