Visit our Content Hub!
Access free downloadable content curated by our editors.

How Close Is Your Next Cyber Attack?

Tips and best practices to stop your biggest threat: People.

Getty Images Phishing
Getty Images

Cybersecurity is more than a buzzword, and it’s likely something you’ve been hearing a lot about lately.

Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use. Since computers were first created, there have been hackers trying to access your private information. And today these threats are only increasing as most of our daily lives rely on the internet—from our communication to transportation, medical records, shopping, work—the internet plays a large role in each of our daily lives. As such, a robust cybersecurity prevention plan for your company is a must. But knowing which threats exist and how to get started can be daunting.

Today’s attacks are highly sophisticated and targeted to do massive destruction to companies across all industries. But manufacturing is one industry that seems to have a big target on its back.

“The manufacturing industry has become a more attractive target for cyber threats in recent years due to several factors, including increased connectivity of equipment via the Internet of Things (IoT), vulnerabilities in operational technology (OT) devices, the increasing amount of data being made available from equipment, and a general lack of cybersecurity culture and awareness across the manufacturing supply chain,” says Andy Lomasky, IT director at PMMI, the Association for Packaging and Processing Technologies.

The danger is real, but before you can develop a plan to protect your company from a cyber attack, it’s helpful to know your biggest threat, and it may be simpler than you think.

Your biggest threat

While sophisticated attacks may be on the rise, the most successful and historical cyberattack is the most simple: Phishing. PMMI reports that almost 90% of cyber attacks are related to email phishing, which can also lead to ransomware. Consider that phishing rose over 200% over the past three years, and incidences of attacks like these are only growing.

“The biggest cybersecurity threat is phishing… everyone is going after end users,” says Andy Sitnik, IT manager at Schneider Packaging Equipment, a Pacteon Company.

The problem is that phishing attacks start out from a small and seemingly innocent act (an employee opening and clicking on a link they shouldn’t have). With phishing, hackers will send a fake email with just enough believable information to get someone to open it. For example, they may ask for a quote to build out a machine knowing that sales staff will likely respond. “They’ll send an email with a legit link to a big company that everyone knows… the link is valid and then it goes to another page, and that’s where the phishing is,” says Sitnik.

The goal of a phishing email is to gain information about you, steal money, or install malware on your device. The takeaway? Be suspicious of all unexpected emails. And up your training game as one of the biggest tools to protect and defend against cyberattacks is proper employee training.

“Training is big… all these problems are coming from the end user. We do cyber security training at the yearly training through our HR system; everyone must complete it,” says Sitnik. In addition to yearly training, one company (that wishes to be anonymous) is even contemplating a phishing simulator as part of its training plan to hone in on who within the company falls for the scam. Then, IT can determine further training sessions (and maybe different methods) to make sure these people don’t fall for the real thing.

If you find yourself in a position where you don’t have any cybersecurity training in place, it’s a good idea to get started. The first step is to go to your IT department, operations, or finance—whoever oversees the basic information technology part of the company—and start to create a plan. Next, find a platform to help you train employees on the topic of cybersecurity (there are a lot of options out there at different price points). Set up a training schedule (ideally more than once per year so it’s fresh in employees’ minds), and include a variety of tools like videos, short presentations, best practices, and even checklists to keep your employees interested and engaged. Aside from training, be sure you have the tools in place to prevent cyberattacks as well as a plan of action in the case of a real-life threat.

“Use a good antivirus program; they’re not all the same,” Sitnik explains,“and look for advanced features like encryption guard, device isolation, etc.” Another best practice: Don’t be in a rush, work slower, and take a step back. Ask yourself if this email is real. Were you expecting the company to reach out, does everything look legitimate? And then there’s another best practice: multi-factor authentication. A common word of advice to boost your personal or company cybersecurity is to turn on multi-factor authentication. Known as MFA, 2FA, two factor authentication, multi-factor authentication, and two step factor authentication, it refers to utilizing an extra step when logging into websites and applications to confirm your identity. This is key because attackers commonly exploit weak authentication processes. With MFA, two forms of identification will be required, like a pin number and a fingerprint.

Sitnik recommends using multi-factor authentication anywhere you can. Because if someone does end up releasing their username and password, at least the fall back is having multi-authentication as another level of security.