automotive manufacturing - Tech Solutions

Hacking Alert – An Employee Of Your Manufacturing Company May Be Sending Intellectual Property To a Criminal and Not Know It!

May 10, 2018

The Importance of Cyber Risk Assessments

Your manufacturing company is in the crosshairs of hackers. Cyber-spies are using backdoor viruses to steal intellectual property from businesses like yours.

Manufacturing Hackers

According to Verizon’s 2017 Data Breach Investigations Report, these cyber-spies are supported by nation states.

  • 620 of data breaches hit the manufacturing sector last year, and 94% were committed by state-affiliated actors.
  • 91% of the intellectual property (IP) that was stolen was proprietary data owned by manufacturing businesses.

China in particular expanded their state-sanctioned hacking of US manufacturers in 2017. It’s expensive to do the R&D necessary to design and build a product. It’s a lot less costly just to steal it. Nation-state cyber-espionage is the predominant cause of breaches in the manufacturing industry.

In February 2018 the Worldwide Threat Assessment of the U.S. Intelligence Community confirmed that some nation-state actors are continuing to use cyber attacks to “acquire U.S. intellectual property and proprietary information to advance their own economic and national security objectives.” They say that advances in manufacturing, particularly the development of 3D printing, almost certainly will become even more accessible to a variety of state and nonstate actors and be used in ways contrary to our interests.

The problem is that while manufacturing increasingly involves high-tech processes, in many cases manufacturing businesses don’t have the right IT security in place.

40% of manufacturing security professionals say they don’t have a formal IT security strategy in place. And 37% say they don’t have an incident response plan. This makes manufacturing businesses a prime target for hackers who want to steal IP.

A Backdoor Could Be Secretly Leaking Your IP

The Verizon report reveals that most computer intrusions in the manufacturing industry began with a spear-phishing email that was sent to a company employee and which contained a malicious link or attachment. The malware comes in the form of a backdoor that gives the hacker secret remote access to the computer.

A backdoor is an undetectable technique where a technology system’s security is bypassed without anyone knowing so a thief can steal data. Hackers use backdoors to install malware to modify a code or detect files and gain system and data access. Any connected device in the manufacturing process is at risk.

Social engineering and malware-based cyberattacks combined for a whopping 73 percent of all data breaches in the manufacturing sector last year. Spies favor email phishing techniques with malware to compromise victims.

A recent article in the CIO Journal stated: “Almost any connected device, whether on the shop floor in an automated system or remotely located at a third-party contract manufacturer, should be considered a risk.”

Cyber Risk Assessments

Manufacturers aren’t asking their Technology Service Providers to perform cyber risk assessments on technology they use on the factory floor. If they did, these backdoors could be detected and “closed.”

This is a nightmare that will only get worse if manufacturing companies don’t perform their due diligence where IT security is concerned. If this doesn’t scare you, these statistics should. In 2017:

  • 21 percent of manufacturers lost intellectual property to hackers.
  • Four of the top ten cyberthreats facing manufacturing organizations are caused by their employees.
  • 28 percent of manufacturing organizations lost revenue due to cyber threats.
  • Over 35% of manufacturing executives believe IP theft was the primary motive for the cyber attacks in their businesses.

To change this paradigm requires buy-in from leadership. However, although the manufacturing industry is focused on innovation, updating and enhancing technologies on the factory floor is a cumbersome, slow process. Hackers know this.

It’s time to protect your intellectual property. Develop a cyber-risk management program with the help of your Technology Solutions Provider. They can do a complete IT risk assessment and detect if there are any backdoors installed on your systems.

The right Technology Solutions Provider

The right Technology Solutions Provider (TSP) will customize an IT strategy for you that includes protection for your intellectual property.

Data Security: With ever-increasing threats from cybercrime, your manufacturing business requires risk assessments, data protection, data recovery, staff awareness training, and maximum security of your critical data. You must be able to backup, protect and recover your proprietary and confidential information. To do this, you should outsource your disaster recovery and backup solutions to an expert TSP who will analyze your current state of preparedness and offer guidance on potential courses of action.

Disaster Recovery/Business Continuity: You must be able to recover data after a power outage, disaster, or when IT services are compromised. This requires backing up data to a secure, offsite location so it can be retrieved anywhere you have an internet connection. This way, your employees can continue working.

The right TSP will:

  • Develop and deploy a complete Business Continuity and Disaster Recovery Plan, a customized program to integrate the policies and procedures into your corporate culture, and conduct training sessions to ensure all employees are comfortable with procedures.
  • Maintain an on-going program designed to ensure the validity of the Business Continuity and Disaster Recovery Plan and keep the plan up to date and communicated to all key personnel.

Security Enhancement Via Continuous Monitoring and Maintenance: The right TSP provides continuous monitoring to remotely view your technology network, identify risks and halt IT attacks and breaches. They will address IT issues before they cause downtime or data loss.

Identity and Access Management: They will help you comply with security and regulatory requirements, allowing only authorized individuals to access confidential information.

Virtualization—Servers, Desktop, Storage, Applications, Data Center: Virtualization in information technology refers to the use of virtual servers, desktops, storage devices, applications, and computer network resources. It allows you to virtualize your entire IT infrastructure or specific aspects of it. Virtualization simplifies technology to promote security and efficiencies and reduce costs for your manufacturing business.

The right Technology Solution Provider will ensure the security of your intellectual property. They will also be available 24/7 to provide the specialized and customized IT Service and Support you need to succeed.

About Trevor