As 5G device use skyrockets, the internet of things (IoT) expands and manufacturing leaders gain access to new cybersecurity and business-related insights — from information about addressing their optional inefficiencies to innovative penetration testing methods. However, expanded technology use and inter-device communication exposes organizations to additional cybersecurity risks. More endpoints and end-users equates to more entryways for bad actors to exploit. This likely explains why cyberattacks in the manufacturing industry increased by 52 percent between 2020 and 2021.
According to industry research, 99 percent of U.S. organizations have experienced a security incident in the past year. And for ransomware in particular, the aftershocks of these incidents are incredibly costly. Ransomware breaches led to 22 days of interruption on average in 2020. In other words, organizations could not act effectively or productively during this time. For Production — the bedrock of all organizations — these productivity losses are devastating.
Worse is the damage a breach can have on an organization's long-term reputation. Consumers lose more than 67 percent of their trust in organizations breached by ransomware. Plummeting confidence negatively impacts an organization's ability to collect consumers' first-party data and turn a profit.
Recovering from a large-scale ransomware attack is financially burdensome and sometimes even impossible, depending on the degree of proactive measures an organization adopts. Thankfully, the frequency of ransomware attacks and breaches has given rise to robust cyber defenses that manufacturing leaders can deploy today. Here’s how.
Building a Robust Cyber Defense
The only way to prevent an attack — or curtail its impact on business continuity — is to enact a ransomware protection strategy, preferably ASAP. According to IBM, in 2021, organizations operating on a mature zero-trust framework lost about $3.28 million during the average data breach. Organizations without comparable security measures lost over $5 million on average. Similarly, when breached, enterprises with mature AI/automation-based technologies saved nearly four million dollars compared to their competitors.
Measures like zero-trust security are vital because they compensate for the expansion of the IoT and our modern risk landscape. Within a zero-trust framework, the network treats all users and endpoints as a possibly corrupted risk vector or bad actor. Zero-trust systems require robust and frequent user authentication through multi-factor authentication (MFA) and single sign-on (SSO) protocols, regardless of where the user is geographically located.
Zero-trust security is critical in the modern workforce as employees increasingly access their organization's networks remotely. But zero-trust security protocols and a fortified cybersecurity plan require careful implementation and monitoring. For many organizations, this necessitates the presence of a cybersecurity expert — either through an internal position like a Head of Cybersecurity or a third-party vendor (or both).
Moreover, manufacturing leaders should only consult with professionals who have expertise in production cybersecurity, as the industry faces several specific challenges. For example, although the manufacturing sector excels in thwarting data encryption, it lags behind in backup creation. The right partner will guide leaders through the process of correcting industry-specific omissions.
Your Response Strategy
Even organizations with cutting-edge ransomware protection services may eventually get breached. The good news is that leading providers will walk leaders through an efficient response process, including the following vital touchpoints.
- Take note of the damage and file a report. Once IT technicians know of a breach, they must get to work quickly identifying the ransomware's nature and the damage's extent. This step includes pinpointing all affected devices and categorizing impacted data. Leaders should then work with their legal counsel to determine the scope of legal and regulatory concerns based on the data impacted. This will inform the next appropriate steps to take.
- Address the ransomware appropriately. Remember, it is never wise to pay a ransom. Instead, leaders should focus on restoring device functionality expeditiously. To start this process, isolate all impacted devices — and be aware that simple tasks like shutting down the device may actually further spread the ransomware. Once all devices are isolated, considerations for any needed investigations or forensics should take precedence before planning for data restorations.
- Inform stakeholders. Before announcing the breach publicly, leaders should work with legal counsel and develop an appropriate communication strategy which could include gathering top stakeholders — including important customers, board members and investors — to inform them of the damage and its possible ramifications. Otherwise, these individuals may feel mistreated or misled. Involving the legal team in this step is also crucial because certain disclosures may be mandatory by law. Regardless, leaders should be clear and upfront about the damage.
- Review internal processes and make improvements. Reflecting on a breach is critical. Identify where the ransomware entered and fortify that gap. As part of this step, it's wise to invite outside parties to review security protocols and ensure future ransomware attacks fail.
- Can my organization recover from a breach? The simple but highly caveated answer is ... yes. Manufacturing organizations that have prepared for a ransomware breach with the right resources, including proactive cybersecurity defense measures, zero-trust procedures and an incident response team, can recover in a comparably short amount of time. However, less-prepared organizations may still recoup. However, they will lose thousands — and potentially even millions — of dollars in the process, either in direct costs like cyber insurance, or via downstream complications like productivity loss and data corruption. This is why a strong offense remains the best defense.
IT leaders at organizations with weaker cyber protections should anticipate an unmitigated or prolonged breach to impact their consumers’ long-term confidence, which negatively impacts revenue goals. But don’t lose hope — today’s lesson learned may be tomorrow’s savior.
Allen Jenkins is the Chief Information Security Officer and VP of Cybersecurity Consulting at InterVision, a leading managed services provider.