Manufacturing Cyberattacks: Don’t Ignore Until It Swims Up and Bites You


The following article was first published by Shipman & Goodwin LLP in the News and Information section of its website. It is republished here with permission.


Manufacturing was the most attacked industry in 2021, surpassing financial services, according to billions of data points analyzed by IBM.

Ransomware, the main type of attack, accounted for nearly a quarter of attacks on manufacturing companies.

In the past, cyberattackers focused their attention on the financial, healthcare, retail and energy industries, allowing many sectors of the industry to operate in the belief that threat actors were not interested in them.

In recent years, however, several factors have combined to make manufacturing the preferred prey.

Increased use of Internet-connected operations and industrial control systems, the industrial Internet of Things, increased security and regulation within other highly targeted industries, an expanded remote workforce, and other workforce vulnerabilities act as chum in the ocean to attract predators.

In the past, sharks may not have shown much interest in manufacturers, but now, “You’ll need a bigger boat.”

Phishing attacks

Phishing attacks, although aimed at many industries, have been increasing year after year in the manufacturing industry, which is now a major target for phishing every year.

A phishing attack tricks the target into opening an email attachment or a malicious website by falsifying the sender’s identity.

The attachments and websites contain Trojans or other malicious programs that are downloaded and scan systems for vulnerabilities to exploit and/or data to collect, which the threat actor either holds for ransom or sells on the dark web.

The manufacturing industry is especially vulnerable to phishing attacks due to legacy equipment, which is quite easy for attackers to exploit; fragmented security infrastructures attributable to location-based variations in the hardware and software technologies used; and a large workforce with different levels of experience and training in information technology.

In addition to ransomware and phishing attacks, manufacturers are also frequently targeted for intellectual property theft, IIoT attacks, and supply chain attacks, where the threat actor infiltrates an organization through a supplier or third-party vendor using viruses or malware in order to disrupt the manufacturer’s operations and cause delays to ripple throughout the supply chain.

Rising costs

Analysts predict that the overall costs of cybercrime will reach $10.5 trillion annually in 2025, more than triple the amount spent in 2015.

If your organization has purchased or renewed a cybersecurity insurance policy, you’ve probably felt the impact in higher premiums and a more rigorous underwriting process.

Cyber insurers increased premiums by a staggering 92% in 2021, according to information submitted to the National Association of Insurance Commissioners.

These premiums increased by 34.3% in the fourth quarter of 2021 alone.

Notification requirements

In parallel with the costs of responding to cyberattacks, notification requirements to individuals and regulators have also increased in recent years, and states have amended their breach notification statutes to, for example, expand the scope of affected data that must be notified and shorten the deadline for doing so.

More recently, and specifically for manufacturers, Congress passed in March the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which will require companies considered “critical infrastructure” to notify the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a major cyberattack and within 24 hours of making a ransomware payment.

While the law does not identify which critical infrastructure sectors will be covered by the reporting obligation, future CISA regulations may look to the 16 critical infrastructure sectors it has identified as vital to the U.S., which include the critical manufacturing sector.

In the face of these growing threats and compliance obligations within the sector, manufacturers must act now and make investments to defend and maintain production; to protect intellectual property, confidential information and customer data; to prevent economic losses and to protect themselves from physical damage to machinery and other critical systems.

Cybersecurity plan

A comprehensive cybersecurity plan is essential and includes the following (among other elements):

  • Identification of systems, assets and data, and the risks for each;
  • Protection of these systems, assets and data with the appropriate safeguards to ensure the continuity of critical infrastructure and to limit or contain the impact of a cybersecurity incident (e.g.);
  • Develop and implement appropriate processes to monitor systems and detect a cybersecurity incident in a timely manner;
  • Develop and implement a detailed response plan, setting out the appropriate actions to be taken when a cybersecurity incident occurs to contain its impact;
  • Develop and implement a recovery plan to restore operations and capabilities affected by the cybersecurity incident; and
  • Training and education for employees at all levels on the dangers of cybercrime, how to recognize phishing and other threats, and how to report concerns or incidents.

Consider hiring professional cybersecurity experts and qualified advisors at the beginning of developing a cybersecurity plan, and especially when a cybersecurity incident occurs.

Most importantly, practice your response plan. No coach would expect a team to execute plays effectively just by reading the diagrams in a playbook.

Even the best-designed response plan is likely to fail in several areas amid the chaos of a cyberattack if your team has never simulated it, and that failure carries significant operational and compliance risks.


About the authors: Marc Lombardi and Damià Privitera are attorneys at Shipman & Goodwin LLP, both practicing in the firm’s Privacy, Cybersecurity and Data Innovation practice.

For more information on Shipman’s manufacturing practice, please contact Alfredo Fernández (860.251.5353; afernandez@goodwin.com).


