Ransomware: A Major Factory Threat
Updated: Nov 13, 2020
Ransomware is a type of software that worms its way into a network, encrypts files, and locks them down until a ransom is paid. These malicious attacks exploit a company’s vulnerabilities by blocking access to critical business data, leading to lost money, productivity, and consumer trust. Phishing emails and compromised websites are the most common form of cyber-attack and are often disguised as harmless attachments or documents. As manufacturing automation has evolved, the security measures used to protect business data remains obsolete. Additionally, criminals are becoming more sophisticated.
An Example: WannaCry
On May 12th, 2017, a dangerous ransomware virus infiltrated thousands of computers across the globe. The virus focused on systems running Windows XP, for which Microsoft had ended their support of several years earlier, but many businesses continue to use. WannaCry’s ability to encrypt files and then replicate itself across a network through the loopholes in Windows security made it particularly vicious.
The creators of WannaCry (a very fitting name if your data is infected) designed the ransomware to hold business files hostage until $300 was paid in Bitcoin. After 3 days, the ransom would double. If it wasn’t paid within a week, all files would be deleted and made non-recoverable. Many companies fell victim to the attack, including financial institutions, hospitals, and manufacturing plants. One car manufacturer even had to shut down operations to deal with the fallout.
Targeting the Manufacturing Industry
An article from the CyberSecurity Observatory states that “Cyber-attacks increased 24% globally during the second quarter of 2017 compared with the first three months of the year, with the manufacturing industry being the most heavily targeted”.
1. Outdated Network Security
Manufacturers invest in machine automation to stay competitive and deliver on time, but many forget that as physical systems are upgraded, network security must be too. As WannaCry exemplified, those companies that were still running Windows XP even after the support had ended, were negatively affected. Criminals exploit organizations that leave loopholes and specifically target industries (like manufacturing) that don’t give enough attention to their network security.
2. No Regulations
Unlike healthcare and energy industries, manufacturing is not regulated for cybersecurity. This “no consequences” environment allows factories to continue to use outdated practices just because they’re not broken. If security compliance was mandatory, manufacturing plants would have network protections, which would make it more difficult for criminals to disrupt production.
3. Causing Maximum Chaos
While some criminals distribute ransomware for monetary gain, others exploit businesses simply to cause destruction.
Factories and warehouses operate on strict production and delivery schedules, so those looking to cause damage target the manufacturing industry because there is a lot at stake. Some of the repercussions include missed shipments, lost revenues, lost man-hours, and an excess of products that can expire. In addition, if one link in the supply chain is attacked, it hurts the businesses that partner with them too.
Ransomware creators exploit the fact that manufacturers can’t afford downtime and will be more inclined to pay the ransom just to restart production. An IBM study indicated that “70 percent of businesses infected with ransomware have paid ransom to regain access to business data and systems…with half of those paying over $10,000 and 20 percent paying over $40,000.” It is important to remember that criminals lie; when you pay the ransom, there is no guarantee you’ll receive your data back and it only encourages their behavior.
How to Protect your Factory
Failure to effectively protect manufacturing networks/data often stems from a lack of awareness about cybersecurity and where the company is left exposed. Integrating these protocols seems like a daunting task due to the planning, reconstruction, and continuous monitoring involved. This is the part where you recognize that you don’t have the time to devote to the process and it’s OK to ask for help. A Managed Services Provider, like Iserv, assists your factory in analyzing your current environment for vulnerabilities and develops a security strategy to make the entire infrastructure stronger. Here are some tips for protecting your factory against cyber-attacks:
1. Keep software, firewalls, and passwords updated
Utilize enterprise-level data encryption, multi-tier authentication, and access control protocols to protect your critical business information (especially financial and proprietary data). Employee personal devices should be secured with ransomware protection and set up to restrict data access to those with permission.
2. Invest in backup and disaster recovery
Replicating and storing your data in an off-site data center or in the Cloud in one of the best ways to defend your factory against ransomware. The attackers win only if they can hold your data hostage with the threat of deletion. But if you have a recent backup, your information can easily be restored to pre-ransomware versions, leaving you unharmed and the criminals with no reward.
3. Be vigilant of suspicious emails
Ransomware is often delivered in a subtle package like an attachment or link in an email. Train your employees to monitor their accounts for unexpected messages or files and alert the team if something is found. Email filtering software also scans and reports suspicious emails to your management and IT teams.
Understanding the manufacturing ransomware threat allows factory owners and managers to fill in security gaps. Think of your ransomware knowledge as a weapon in the fight to protect production and delivery and a Managed Services Provider as your ally. Out of this partnership comes a focused and layered cybersecurity integration that is custom built to shield your manufacturing plant from attack and put the focus back on innovation.