Cybersecurity: Fiction Versus Reality

Cyber liability continues to be a growing problem for all industries including manufacturing. Many owners mistakenly believe that cyberattacks will not affect their business, or manufacturers do not have enough online data to be a target, or their business is too small.

Apr 2, 2017
Mnet 191858 Cybersecurity 1
Jay SheltonJay Shelton

Think your manufacturing company’s online data is secure? Let’s start by playing a quick game of true or false. Is it true or false that one-third of all cyber-attacks occur at companies with 250 employees or less? The answer is true. Is it true or false that the average consolidated total cost of a data breach is $2 million? The answer is false. It is actually now $4 million, according to the Ponemon Institute.

Cyber liability continues to be a growing problem for all industries including manufacturing. Many owners mistakenly believe that cyberattacks will not affect their business, or manufacturers do not have enough online data to be a target, or their business is too small. Well, the true or false game paints a different picture of just how prevalent cyberattacks are across all industries and businesses — and how much one can cost.

There are several different types of breaches that range from malvertising to phishing to social engineering. These attacks can focus on anything from disrupting network service by sending high volumes of data to attacks using malicious code, stealing information and executing wire scams. When it comes to protecting your business from the various types of breaches, a risk manager should ask the following:

  • How is company leadership informed about the current level and business impact of cyber risk?
  • What is the current level and business impact of cyber risk and what is our plan to address the identified risk?
  • How does our cybersecurity program apply industry standards and best practices?
  • How many and what types of cyber incidents do we detect in a normal week and what is our threshold for notifying our company’s leadership?
  • How comprehensive is our cyber incident response plan and how often is it tested?
  • Do I need cyber insurance and if so, how much?

Can these questions be answered? Is there even a comprehensive response plan in place?

How to Minimize the Risk of Cyberattacks

According to a newly released study from Experian and the Ponemon Institute, 76 percent of large businesses (those with 500 or more employees) say protecting against a cybersecurity exploit is as important, or more important than safeguarding against a natural disaster, business interruption or fire.

The study, titled "Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age" also found that companies of all sizes are increasingly looking to Cyber Liability insurance as part of the solution for managing the risks posed by security incidents. Of those with a policy, 30 percent have experienced an exploit or a data breach and submitted a claim.

Outside of proper insurance coverage, there are several key ways a manufacturer can help minimize the risk/damage of a cyberattack. These include:

No. 1 - Develop a mobile policy and train staff to adhere to it.

Mobile devices are equally susceptible to malware and viruses as computers, yet many businesses do not consider applying the same type of safeguards. As we become more reliant on these devices, their attraction as a potential target will continue to grow.

No. 2 - Produce user security policies dictating acceptable and secure use of your organization’s systems.

Employee training on cyber security should be a priority for all manufacturers, regardless of size. Hackers do not discriminate in their targets. It is crucial to have a cyber policy in place that it is enforced among staff.

No. 3 - Establish an incident response and disaster recovery program.

An incident response plan (IRP) should be clear, succinct and organized in sections, while containing the appropriate details including who, what, when and how to respond to various situations. More specifically, there are four key elements every IRP needs:

  • Incident Response Team
    This should outline roles and responsibilities, list both internal and external team members, their contact information, specific role and notification level.
  • Incident Triage Notification
    This should contain the various trigger notifications of the response team, insurance carrier, law enforcement, outside forensic investigation, crisis and media management.
  • Breach Response
    This part should include detailed response procedures such as timing, affected individuals and government notification. It should also address issuing a press release, internal communications, what is posted on the website and accompanying remedies such as credit monitoring and identity theft resolution.
  • Mitigation & Remediation
    This should cover investigation outcomes to correct vulnerabilities that harden the system from further breaches and review and improve the incident response team.

No. 4 - Limit employee cyber privileges and monitor user activity.

This can be specified in your cyber or internet policy agreement. Every employee should not have access to classified information on your business’s server.

No. 5 - Scan for malware across your organization.

Scan all external devices such as USB flash drives for viruses and malware before using the device. Be protective of laptops and always keep them in an employee’s sight.

If your manufacturing operation requires the use of computer systems, a disaster that cripples your ability to transmit data could cause you, or a third party that depends on your services or produced goods, to lose potential revenue. From a server failure to a data breach, an incident can impact day-to-day operations. Time and resources that normally would have gone elsewhere will need to be directed towards the problem which could result in further losses. It is crucial to assess the risk, follow the above-mentioned steps and talk to your insurance broker about cyber liability coverage.

Jay Shelton is the Senior Vice President of Risk Management Services at Assurance

Read Next
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
May 3, 2024
Latest in Cybersecurity
Manufacturing Business Management
Sponsored
Manufacturing Business Management
May 1, 2024
Financial Cyber
Ransomware Report Shows Fewer Incidents, Future Concerns
May 3, 2024
Manufacturing Infrastructure Cyber
CISA Releases Latest ICS Advisories
May 3, 2024
Ep92tn
Security Breach: Predictions That Hit
May 2, 2024
Related Stories
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
I Stock 1251037786
Cybersecurity
What is Volt Typhoon?
Manufacturing Business Management
Sponsor Content
Manufacturing Business Management
More in Cybersecurity
Manufacturing Business Management
Sponsored
Manufacturing Business Management
Acumatica looks to offer new solutions.
May 1, 2024
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
The fear is that larger RaaS groups are exercising greater control over their affiliates.
May 3, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Cisco, Siemens, Honeywell and Mitsubishi systems top the list.
May 3, 2024
Ep92tn
Video
Security Breach: Predictions That Hit
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions.
May 2, 2024
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
Too many are paying, and the reasons range from understandable to infuriating.
April 25, 2024
Ep90
Video
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Coding
Cybersecurity
CISA Releases 7 ICS Advisories
Unitronics, Rockwell and Mitsubishi head the list.
April 19, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024