Protecting Manufacturers from Ransomware Attacks
August 16, 2021 | Business Plans
In recent years, there has been a surge in ransomware attacks and an even greater acceleration in the first half of 2021. Virtually every type of business is at risk, especially critical links in the manufacturing supply chain.
For example, in May 2021, a high-profile attack temporarily shut down operations of the largest gas pipeline in the United States. The owners of the channel paid nearly $5 million in ransom to regain access to their servers.
Although the owners eventually recovered most of the Bitcoin transferred to the hackers, the lessons are loud and clear: Watch out for similar attacks on your company and take preventive measures to foil prospective hackers.
What Is Ransomware?
Manufacturers account for nearly a quarter of all ransomware attacks — more than any other industry, according to software company Varonis. Ransomware is a malware designed to prevent access to a computer system or files until the user meets the perpetrator’s payment demands. Essentially, your computer network is “held for ransom” until those demands are met.
When ransomware was introduced in the 1980s, attacks typically targeted individuals, making payments through the regular U.S. mail. Today, high-tech criminals usually go after deeper pockets and often require ransom paid via cryptocurrency.
It doesn’t take much to be infected. Typically, the malware is sent through unsolicited emails such as Word files or PDF attachments, or links to a website. When clicked, the attachment or link installs the malware on the user’s computer and, from there, infiltrates the network. Frequently, emails appear to be coming from a legitimate company your firm deals with or someone you know. In other cases, perpetrators pose as law enforcement officials or representatives of federal agencies, such as the FBI, IRS, or U.S. Department of Labor.
Once a device has been compromised, the perpetrator has a foothold in your entire IT environment. Until your IT department detects the breach, the hacker is free to explore your network for vulnerabilities and sensitive data and encrypt data indiscriminately. Then the hacker can demand a ransom for the decryption key needed to restore your access to the network.
How Can You Prevent an Attack?
Protecting your network requires vital personnel to identify ransomware before it infects individual computers. Consider the following six best practices:
- Train users to recognize red flags. Your workforce is your first line of defense against an attack. Employees and other network users — including suppliers and vendors that can access your system — should understand how ransomware attacks happen. Instruct them to exercise caution when opening unsolicited emails and searching the Internet. For example, they should know to report any suspicious emails to your IT department and verify a sender’s email address before clicking on a link or opening a file.
Require your staff to participate in regular cybersecurity awareness training sessions. This includes assembly line workers, as well as those in the back office and managers. Consider testing methods that simulate actual ransomware attacks to help improve awareness and establish whether your training program is effective.
- Install the latest IT security products. Take advantage of tools, such as antivirus software, firewalls, and email filters. Give your IT department the authority and resources to implement a comprehensive cybersecurity plan
Cybersecurity is a continuous improvement process. An effective program is always at least one step ahead of the hackers. IT personnel may need additional training to stay atop the latest scams. For example, your staff may need extra training if your company has transitioned to remote working arrangements because remote sites can be more challenging to secure.
- Stay current on updates. Ensure that all operating systems and applications are updated on users’ computers. If they aren’t, secure the latest patches from verifiable sources. Criminals launching ransomware attacks are known to prey on those with older, more vulnerable systems and applications.
- Back up files. Perform frequent backups of your system and other important files. If a computer becomes infected with ransomware, you can restore your system to its previous state using backups if you catch the attack before the perpetrator encrypts the data.
Store backups on a device that’s separate from the network, such as an external hard drive or cloud account.
- Obtain cyber insurance. Many manufacturers buy cyber liability and breach response insurance to fortify their defenses against losses from ransomware attacks. Professional and general business liability insurance policies generally don’t cover losses related to a hacking incident.
Cyber liability insurance can cover a variety of risks, depending on the scope of the policy. Typically, it protects against liability or losses that come from unauthorized access to your company’s electronic data and software. Certain modifications or addendums may be available based on the nature of your operations. For example, there may be policies customized for manufacturers in the health care industry.
Instead of purchasing a standalone cyber liability policy, you might add a cyber liability endorsement to your errors and omissions policy. Note that coverage through an endorsement isn’t as extensive as coverage in a standalone policy.
Reminder: Cyber liability insurance is not a replacement for sound cybersecurity policies and procedures. You should carefully read your cyber policies to understand what types of incidents are expressly excluded from coverage. Other well-resourced preventive measures can also reduce your premiums for cyber insurance.
- Devise a formal plan. If your company is hit with a ransomware attack, will you pay the ransom? This is a high-level decision that requires comprehensive analysis. Last fall, the U.S. Treasury Department advised ransomware victims to be subject to sanctions and legal liability if they facilitate ransom payments to hackers. So, discuss your response plan with in-house IT personnel and outside financial, legal, and insurance professionals.