Cyber Breach: It’s Not a Matter of If...It’s When

Although cybercrime and attacks are on the rise, more than half of OEMs have zero cybersecurity measures in place. Experts weigh in on how to protect your people, processes, assets, and reputation from cybercriminals.

Cybersecurity for OEMa

Screen Shot 2020 02 27 At 1 54 04 PmSikichManufacturers aren’t safe from cyber attacks. In fact, they are increasingly being targeted by hackers who are after sensitive information and money.

Delkor Systems experienced these cybersecurity challenges firsthand in August 2017. They encountered a couple of phishing attacks where emails were received by their employees. The phishing emails are typically used to gather user credentials so hackers can gain access to employee accounts. The hackers then use these credentials to send emails out to vendors and customers to gather more credentials. This was also followed by an imposter fraud attempt where hackers inject themselves in the invoice payment process and request changes to the banking information that customers are using to send payment. In both cases Praveen Rokkam, chief information officer had to send quick communications to all affected parties notifying them of potential security risks. Phishing attacks along with Imposter Fraud are a few of the many attacks plaguing manufacturers.

According to Techradar, more than three trillion phishing emails are sent per year, which is why it wasn’t surprising that this had happened to Delkor a few times after the initial attack. But Delkor isn’t alone. In fact, professional services firm Sikich found that more than half of manufacturers suffered a data breach or cyber attack involving computer systems or networks last year—11% reported the attack to be a major intrusion. Manufacturers are not only being invaded by hackers, but also by cyber criminals and other companies and nations trying to extract money and information, strategically disrupt business, or gain a competitive advantage, a recent case study from Deloitte states.

Since the attacks in 2017, Delkor has implemented numerous additional security measures and safety nets, including a multifactor-authentication (MFA) feature within its Office 365 platform—an approach that would only allow employees to access their Office 365 account  (Email, SharePoint, One Drive, etc.) if they entered a code that was sent directly to their mobile device. The OEM has also enabled Advanced Threat Protection through Office 365, implemented a very secure firewall where MFA is required for employees to remotely connect via VPN, Mandatory KnowBe4 Cybersecurity awareness training for all employees, Cloud and SAN data storage solutions for backup strategy, and protection against potential ransomware attacks. Praveen says the OEM hasn’t experienced an attack since.

But unlike Delkor, more than half of manufacturers told Sikich they haven’t updated or even implemented cybersecurity measures, leaving many OEMs vulnerable to cybercrime.

Practical considerations for implementing and improving cybersecurity measures
OEM Magazine spoke with leading experts in cybersecurity to determine what the next steps are for OEMs who are looking to improve, update, or implement measures to protect their company, assets, and customer relationships. Here is their advice.

Train your employees to be aware of cyber threats. One of the biggest threats to cybersecurity may be in your facility right now, and you might even be sitting next to them. That’s right: your colleagues could either be the greatest risk to your company’s security—if they are not properly trained and educated—or they can be your first line of defense against cyber attacks.

Andy Lomasky, PMMI’s IT director, hosted a panel discussion on cybersecurity during the association’s 2019 Annual Meeting in Cincinnati. One of the common themes discussed by machine builders during the panel was around educating employees.

“I think that training component is so important,” Lomasky says. “From employee computers to machines, anytime you have devices connected to a network, they’re potentially at risk of being hacked. But you can mitigate those risks by having good security controls and by making sure that you’ve properly trained the workforce so that they aren’t easily opening up doors for hackers.”

Phishing emails are becoming more sophisticated and appear to be more genuine, says Elliot Forsyth, the vice president of the National Cyber Program at the Michigan Manufacturing Technology Center. Scammers are using phishing emails that look just like they came from a trusted source, coworker, customer, or vendor. This is why it’s critical to train your employees as well as make sure your employee practices minimize exposure risks to your business.

“For example, scammers are creating phishing emails that appear to be identical to business leaders, such as CEOs, COOs, etc. This often includes signature lines, near identical email addresses, pictures, etc. This is becoming a common approach for scammers which occurs in many companies, including mine. Our president had his email duplicated in terms of how it looks with his picture. A scammer sent an email to our CFO with a request to deposit a large amount of money into a specified account,” Forsyth says. “Our CFO had been trained to recognize such attempts, and prevented a potentially negative outcome.”

Keep your cybersecurity suppliers and partners close. When a cyber attack occurs, things will move at the speed of light, and OEMs will need to have a plan to minimize the damage that could be caused. Lomasky recommends having a couple of partners—whether it be cybersecurity software providers or IT professionals—on call to assist and advise on next steps.

“If we were to have a breach, I want to make sure that I have—at minimum— a set of partners, consultants, or technology resources that I can go to,” Lomasky says. “Our managed services provider is a huge resource to me when I have a question or need to figure things out. We also have a relationship with an IT research vendor. If I had the need to go out and get a next generation firewall, we have a research membership with [IT consultant] Info-Tech where I could go to their service and download their research or talk to an analyst, and get their guidance so that I could make a wise purchasing decision. Those connections are invaluable.”

Have an effective backup system and plan in place. As an IT professional, Lomasky has seen many cyber tragedies, including companies losing all of their customer data, sensitive, propriety information, contacts, and more in a matter of minutes.

“An employee who was on vacation in a foreign country got an alert that their email was being logged into at a new location. They thought nothing of it because they figured it was them, but really, it was a hacker who gained access to sensitive information in their email and managed to hack into their company’s server,” Lomasky says. “They completely disrupted and imploded it. Hackers will withhold company information for ransom, which is why you need to have the proper backup solution to be able to get your information restored.”

Lomasky advises OEMs to consider if they need to buy a server or use cloud technology to get the backup infrastructure they need. He also asks: “If you have a backup, have you tested it? Not to mention, managing risks, keeping information safe, and restoring data requires a lot of time and energy. Manufacturers need to make sure they have the right resources in place to be able to do that. I will say, if you have one IT guy on staff, that’s not really going to cut it when you’re talking about a major restoration effort. That’s why you need to have backups and a solid action plan that you can enact quickly if needed.”

Monitor and protect control systems. Let’s talk about the industrial control systems (ICS)—the brains of the manufacturing process—because these controllers aren’t safe from cybercrime. ICS includes a number of different control systems used to automate industrial processes; including Supervisory Control and Data Acquisition (SCADA), distributed control systems (DCS), and programmable logic controllers (PLCs). According to Steve Bjarnason, senior security advisor, Secureworks, a cybersecurity software and services company, the ICS is often not completely segmented from the business network, which makes it extremely vulnerable to external and internal cyberattacks.

Screen Shot 2020 03 09 At 9 07 00 Am

One way control systems can become vulnerable is when operators or engineers set up their own Internet access to the ICS area. Usually, a company will design its network according to the Purdue Model of Control Hierarchy. This framework is used commonly by manufacturers, and the structure has become a model for “cyber safety.” A manufacturer will also put up firewalls and other devices to keep these systems protected.

“So, when someone sets up an unauthorized Internet connection from a third-party service provider, the system becomes completely exposed to hackers who might be scanning the Internet looking for a vulnerability like that,” Bjarnason says.

Removable media, such as a USB, can also serve as a gateway to cyber attacks on an ICS. OEMs may have trusted partners, contractors, or employees coming into their facility, or their customer’s facility, to collect data through a USB stick. “But manufacturers rarely ask where that USB came from,” Bjarnason says. “You have to wonder, is it infected? Could it affect the SCADA, PLCs, and maybe the safety system? These attack vectors become another avenue for malicious code to propagate or data to be exfiltrated. The ICS needs to be monitored on a regular basis. OEMs should have a monitoring system that is constantly scanning for malicious activities and detect unauthorized changes to the environment.”

With adversaries remaining undetected for 111 days on average, it is critical that detection and response capabilities, such as Secureworks’ Red Cloak Threat Detection and Response (TDR) security software, and Managed Detection and Response (MDR) service are in place to ensure manufacturers rapidly recognize adversarial behaviors on their network and take prompt and appropriate response actions, preventing costly damage or even loss of life.

Leverage local resources. As the vice president of the National Cyber Program at the Michigan Manufacturing Technology Center, Forsyth recommends that manufacturers tap into local resources such as the Manufacturing Extension Partnership (MEP) centers, which is offered by the National Institute of Standards and Technology (NIST). MEP is a public-private partnership with centers in all 50 states and Puerto Rico dedicated to serving small and medium-sized manufacturers. Last year, MEP Centers interacted with 28,213 manufacturers, leading to $15.7 billion in sales, $1.5 billion in cost savings, $4.5 billion in new client investments, and helped create or retain 114,650 jobs.

MEPs have helped OEMs with their cybersecurity initiatives and awareness through Michigan’s MEP center and says it can be a great resource for manufacturers looking to educate and empower themselves.

If this information is jarring to you, it should be. A cyber attack happens every 39 seconds, and your organization could be next. The NIST has many resources for getting started with cybersecurity, and even has a cybersecurity framework that OEMs can use to base safety measures off of. For more information, visit: oemgo.to/nistcyber

Screen Shot 2020 02 27 At 1 53 11 Pm

Screen Shot 2020 02 27 At 1 53 31 PmSecureworks

More in Business/Management