What should manufacturers know about cybersecurity threats? NAM COO Todd Boppell recently appeared on Mandiant’s “Defender’s Advantage Podcast” to explain how cyber criminals are targeting manufacturers today and what companies can do to protect themselves. Here’s some of his advice.
The threat today: While cyberthreats are nothing new, in recent years there has been a sea change, Boppell said.
- “I think what’s really changed in the past five years, especially—it probably started in the past 10, but it’s massively accelerated—is that cybercrime as a business model is on the rise,” he said.
- “A lot of the bad guys, whether their motivations are political or purely economic, have realized that ransomware and other forms of pure disruption are sometimes just as helpful or just as lucrative as stealing any sort of intellectual property.”
Manufacturing as a target: Manufacturers get victimized by ransomware attacks “because manufacturing is one of the least tolerant industries of any sort of downtime,” Boppell continued.
- “Over the past five years, manufacturing was always in the top three [sectors targeted by cyber criminals], typically with medical and financial services … but really over the past 18 to 24 months, all the data I have seen says that manufacturing has jumped to number one and has stayed there.”
What small businesses need to know: Small businesses may believe that they are beneath notice for cyber criminals, but that’s not the case, said Boppell.
- Once they come to terms with that depressing reality, small companies should take a look at their staff and operations, he said. “Do they have the talent on staff to understand what they should do, what their risks are, which systems they currently have that need to be addressed? Do they understand all the acronyms at play? Do they understand the different threat vectors?”
- And last, once the company generally knows what it’s doing and perhaps has some IT support, it should consider its budget, and how it can “get the most bang for its buck.”
What large businesses need to know: “Larger companies want to be helpful, and they want to help secure their supply chain partners, because it is absolutely in their best interests. … However, they are unbelievably busy just protecting their own boundaries and just worrying about all the attacks they’re facing,” Boppell said.
- “And of course, it’s always a little bit frustrating for smaller companies to have a larger company try to tell them what to do … so you have to really manage those relationships and figure out the right way to go in and help.”
The most important thing: “The number-one thing I’m trying to get through, and the number-one myth I want to dispel, is that a lot of small manufacturers believe that … they have no IP to protect,” said Boppell. “Maybe they make screws and fasteners, or maybe they make mattresses or whatever. … They feel like cyber is not a big deal for them.”
- “What we’ve seen with ransomware is that’s absolutely not true. Their ransomware risk is just as high as anyone else’s because they can’t tolerate downtime. And if they haven’t taken the steps to secure their networks and their equipment, then they’re going to be even more prone to falling victim to ransomware.”
Listen to the whole thing: You can find the entire interview with Boppell here.
Protect yourself: Interested in safeguarding your company? NAM Cyber Cover was designed specifically to give manufacturers and their supply chains enhanced risk mitigation and protection. Find out more here, and check out this webinar on the state of cybersecurity for manufacturers.