As the use and dependence on computers and software grow, so do the threats facing businesses of being hacked or becoming a victim of ransomware, where a company is locked out of a system until they pay a ransom. In some cases, even if a company pays the ransom, it may still experience irreparable damage to its systems, network and reputation.
According to the Federal Bureau of Investigation’s Cyber Crime Compliant Center (IC3), ransomware is one of the biggest and most frequent threats to businesses in the United States. In addition, the number of complaints and financial losses is staggering. In 2021, IC3 received 847,376 complaints, a record number and a 7% increase from the previous year. Of these complaints, top cyber-attack categories were ransomware, business email compromise (BEC) schemes and criminal use of cryptocurrency. To say cybercrime is a real threat is an understatement.
The costs of a cyber-attack
Of the 847,376 complaints mentioned above, IC3’s BEC complaints alone totaled an estimated $2.4 billion lost. In those that had a ransomware attack, studies have shown that 50% to 80% of organizations pay the ransom, and some entities fall victim again. Even if a company does not pay directly for cyber attacks, there are undoubtedly indirect costs—tasks become more manual, systems being down lead to operational downtime and production volume is decreased. Like a domino, this can affect everything down the supply chain.
Even after implementing cybersecurity measures, periodic reviews and evaluations are always recommended.
More vulnerabilities, more risk
Cybersecurity incidents increase as industries add real-time data capabilities and electronic devices to their network. Adding more devices and capabilities all come with risks and additional vulnerabilities. When more personnel can access information on a network, it makes it easier for cybercriminals to find entry points into a system. Each new device on a network means another entry point for the criminal.
Another common vulnerability is human error. Starting with detailed cybersecurity processes and procedures can help lower this risk.
Also, many manufacturing facilities operate with outdated systems. These have built-in vulnerabilities because they may no longer be supported. Some programmable logic controllers (PLCs) and control systems may not be secure by design. Facilities must either build security or protect the programs with other controls.
Each vulnerability gives cybercriminals easy access to systems, leading to more risk.
Baby steps to cybersecurity
Creating a cybersecurity plan starts with developing a framework plan. It should allow for flexibility for future changes and assess your risk. Interstates often begins development of a cybersecurity plan based on industry frameworks. We also work to modify existing IT security policies to fit within the OT (operations technology) environment.
Once this framework is ready, consider these six practical items to help implement your cybersecurity practices:
- Create an inventory list. This detailed list should include all critical hardware, software, and cloud-based assets used in your facility that needs protection. Examples: Lansweeper, patch management and antivirus software, manual techniques.
- Invest in malware protection. Seriously consider investing in malware protection programs. This software can quickly alert companies of attacks and help protect against them. Examples: McAfee, Symantec, CrowdStrike, Cylance.
- Improve access control. Consider designating a select group of individuals with authorized access and the credentials to access specific hardware and programs. Companies may also want to grant hardware and software access as needed based on an employee’s responsibilities. Examples: Active Directory, ADManager, Group Manager.
- Perform data and system backups. This plan should include backing up critical application programs and data systems periodically. If a cyberattack occurs, these backups allow a facility to recapture and isolate a point before the system becomes infected or compromised. It can also help avoid significant delays in getting the system back online and operating. Examples: Veeam Software, Commvault, Unitrends, vRanger, and Acronis.
- Implement patch management. Software developers provide specific changes or updates to fix security vulnerabilities or offer new features called a “patch.” Patch management involves deploying these updates to different endpoints like mobile devices, servers and desktop computers. However, patches are not a long-term solution and shouldn’t be solely relied on until the next software version is released. Examples: Windows Server Update Services (WSUS), BigFix and Altiris.
- Invest in employee cybersecurity training. Employees are a major asset to a company, and investing in proper cybersecurity training can help protect against cybersecurity accidents. Following are a few elements of a cybersecurity program: Create a proper protocol for employees, develop and implement policies for sensitive data storage, educate employees on cyber threats, authorize who is allowed to use critical devices, require all important data to be backed up, teach proper email use, create strong passwords that are regularly changed, prohibit unauthorized software and ensure those making updates to the website do so securely.
Cybersecurity is an ongoing journey. Completing these six steps can lead to more robust security, but companies should review it regularly. Facilities need to continually be on the lookout and not become complacent regarding cyber protection.
Cybersecurity Resource Information
- Critical Infrastructure: Actions Needed to Better Secure Internet-Connected Devices
- Cybersecurity and Infrastructure Security Agency (CISA)
- National Institute of Standards and Technology (NIST)
Brandon Bohle is a Cybersecurity Systems Analyst and team lead at Interstates, a certified member of the Control System Integrators Association (CSIA). For more information about Interstates, visit its profile on the Industrial Automation Exchange.