Visit our Content Hub!
Access free downloadable content curated by our editors.

Cyber Breach: It’s Not a Matter of If...It’s When

Although cybercrime and attacks are on the rise, more than half of OEMs have zero cybersecurity measures in place. Experts weigh in on how to protect your people, processes, assets, and reputation from cybercriminals.

Cybersecurity for OEMa

For tips on managing cybersecurity during the COVID-19 pandemic where cyber attacks are rampant and companies are more susceptible, scroll down for an exclusive Q&A with PMMI's IT Director, Andy Lomasky. 

Manufacturers aren’t safe from cyber attacks. In fact, they are increasingly being targeted by hackers who are after sensitive information and money.

Delkor Systems experienced these cybersecurity challenges firsthand in August 2017. They encountered a couple of phishing attacks where emails were received by their employees. The phishing emails are typically used to gather user credentials so hackers can gain access to employee accounts. The hackers then use these credentials to send emails out to vendors and customers to gather more credentials. This was also followed by an imposter fraud attempt where hackers inject themselves in the invoice payment process and request changes to the banking information that customers are using to send payment. In both cases Praveen Rokkam, chief information officer had to send quick communications to all affected parties notifying them of potential security risks. Phishing attacks along with Imposter Fraud are a few of the many attacks plaguing manufacturers.

According to Techradar, more than three trillion phishing emails are sent per year, which is why it wasn’t surprising that this had happened to Delkor a few times after the initial attack. But Delkor isn’t alone. In fact, professional services firm Sikich found that more than half of manufacturers suffered a data breach or cyber attack involving computer systems or networks last year—11% reported the attack to be a major intrusion. Manufacturers are not only being invaded by hackers, but also by cyber criminals and other companies and nations trying to extract money and information, strategically disrupt business, or gain a competitive advantage, a recent case study from Deloitte states.

Since the attacks in 2017, Delkor has implemented numerous additional security measures and safety nets, including a multifactor-authentication (MFA) feature within its Office 365 platform—an approach that would only allow employees to access their Office 365 account  (Email, SharePoint, One Drive, etc.) if they entered a code that was sent directly to their mobile device. The OEM has also enabled Advanced Threat Protection through Office 365, implemented a very secure firewall where MFA is required for employees to remotely connect via VPN, Mandatory KnowBe4 Cybersecurity awareness training for all employees, Cloud and SAN data storage solutions for backup strategy, and protection against potential ransomware attacks. Praveen says the OEM hasn’t experienced an attack since.

But unlike Delkor, more than half of manufacturers told Sikich they haven’t updated or even implemented cybersecurity measures, leaving many OEMs vulnerable to cybercrime.

Screen Shot 2020 02 27 At 1 54 04 PmSikich

Practical considerations for implementing and improving cybersecurity measures

OEM Magazine

Train your employees to be aware of cyber threats. One of the biggest threats to cybersecurity may be in your facility right now, and you might even be sitting next to them. That’s right: your colleagues could either be the greatest risk to your company’s security—if they are not properly trained and educated—or they can be your first line of defense against cyber attacks.

Andy Lomasky, PMMI’s IT director, hosted a panel discussion on cybersecurity for manufacturers during the association’s 2019 Annual Meeting in Cincinnati. One of the common themes discussed by machine builders during the panel was around educating employees.

“I think that training component is so important,” Lomasky says. “From employee computers to machines, anytime you have devices connected to a network, they’re potentially at risk of being hacked. But you can mitigate those risks by having good security controls and by making sure that you’ve properly trained the workforce so that they aren’t easily opening up doors for hackers.”