4 ways to increase cybersecurity.
Secuvant
10/12/2018
Cyberrisk is a clear and present danger to companies of all stripes, including manufacturers and industrial organizations. The business impact is real and companies need to understand that when they find themselves in the crosshairs of cybercriminals, the dangers and damages can extend far beyond financial loss and easily add up to a litany of issues including (but not limited to):
- theft of intellectual property
- loss in productivity
- harm to reputation
- destruction of data
- theft of personal employee data
- disruption to business continuity
- damage to physical facilities
- liability or fines for noncompliance with data-privacy regulations
- possible legal action by customers and employees whose personal information has been breached or employees suing for lost wages if the company cannot pay due to the breach
- costs of remediating the damage itself
- relationship damage and lost confidence within original equipment manufacturer (OEM) and supplier relationships
Additional Avenues of Attack
Furthermore, manufacturing and industrial companies are impacted by at least three additional broad categories under which most cyberattacks and threats occur: Espionage and IP Theft. In a globally competitive environment, some unscrupulous companies would rather steal what they need instead of investing the time, money, expertise, research and the other thousand layers of processes and resources needed to build something better. Hackers see the possession of business plans, trade secrets and intellectual property as an extremely lucrative venture for resale, especially to nation-states. Ransomware for Revenue. Ransomware is an example of cyberextortion. Ransomware attacks are usually undertaken by a Trojan that is designed to look like a file that a user downloads or opens in an email attachment. Even more devastating are worms such as the recent WannaCry attack that traveled automatically and unrestrained between computers and users. Ransomware is usually designed to encrypt data and prevent a company’s access to the data until an anonymous payment is made to the hacker. Many times, even after payment, the encryption keys are not provided, and access to the data is not granted. Those who engage in ransomware are almost always seeking money. Pure Destruction and Harm. For some, the purpose of hacking is not finances, but rather causing damage for political or emotional purposes. Stuxnet was discovered to be the world’s first “cybermissile” with the ability to control industrial processes that damaged a nuclear centrifuge fuel-refining plant in Iran. More recently, a confirmed case of a cyberattack against a manufacturer caused physical damage when hackers struck a steel mill in Germany. They were able to gain access to the network and disrupt control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive” damage.Executives Have More Control Than They Think
In the face of these threats, many business leaders think they are powerless—but the truth is, they are wrong. In fact, many of the root causes of breaches are within the C-Suite’s control. According to the authoritative IBM-sponsored 2017 Ponemon Institute’s “Cost of Breach Report”:- 28 percent of all breaches involved system glitches, including both IT and business process failures that are preventable.
- 25 percent were human factor errors by negligent employees or contractors, which are also largely preventable.
- The other 47 percent involved a malicious or criminal attack, which tend to drive most of the hype in the press.