When Something Smells Phishy: A Cybersecurity Lesson for Manufacturers
When an email account with a nonsensical address pretends to be your CEO asking you to buy gift cards, you might deduce that it’s a phishing scam, right? That attempt probably won’t get far, but cyberattacks are a more sophisticated threat and potentially much more damaging to manufacturers of all sizes than they might imagine, warns eSentire Vice President of Industry Security Strategies Mark Sangster.
In a recent webinar produced by the NAM’s Leading Edge program, titled “Go Phish: Building Cyber-Resilience with Managed Phishing and Security Awareness Training,” Sangster laid out some useful advice for businesses. Here’s some of what he had to say.
The threat: Cyberattacks pose a threat to manufacturers of all sizes. While there is a widespread assumption that attackers are only interested in larger corporations, the truth is that small and medium-sized businesses make up a significant number of targeted organizations. Lest manufacturers imagine that they don’t have anything a hacker or attacker would want, Sangster made clear that a great deal of information held by manufacturers is extremely valuable to attackers.
- “If you look at the insurance data on claims, it’s small and medium-sized businesses, and in particular manufacturers, that are targeted,” said Sangster. “In fact, about a third of those attacks generally focused on manufacturers.”
- “You have data and assets worth stealing,” said Sangster. “You have secret recipes and manufacturing automation controls, and data that’s involved in that. And personally identifiable records and intellectual property. And depending on the type of business you’re in, it might be health care records and so on.”
The approach: While stereotypes often suggest that most phishing emails and other scams are obviously fake, many cyberattacks are extremely sophisticated, using specifically targeted methods to gain access to vulnerable networks, Sangster noted.
The good news: Even nation states and powerful ransomware gangs tend to leave a trail before an attack that can help manufacturers identify looming problems and thwart a breach.
- “There are signs and symptoms that something’s going on,” said Sangster. “There are steps you can take to prevent this from happening. And if you get into a hand-to-hand battle with these guys, there is an opportunity to identify it before it metastasizes throughout your organization and becomes those massive business-disrupting ransomware outages that we sadly read about.”
Some low-hanging fruit: Sangster highlighted a few protocols that manufacturers use to prevent most cyber attackers from gaining access, including multifactor authentication or a secure remote connection, like a VPN, or a software-defined perimeter that verifies the identity of a device before it is granted access to application infrastructure.
- “Following these recommendations knocks away 90% of the risks that you face,” said Sangster.
Roll tape: For more information about the stakes of this moment, the importance of cybersecurity and the steps that you can take to protect yourself and your business, check out the full webinar here and learn more about eSentire here.
The next step: Solid cybersecurity is a must for any organization. To help manufacturers protect themselves, the NAM created NAM Cyber Cover, a risk-mitigation and cyber-insurance program that helps manufacturers detect and cover any vulnerabilities. Check it out here.