Manufacturing is consistently listed as one of the top industries targeted by cyber attacks.
It’s easy to see why. A multitude of networked machines makes for more potential vulnerabilities that hackers can exploit. An industry that prides itself on efficiency and avoiding downtime means manufacturers who fall prey to cyber attacks have extra motivation to pay ransoms and get systems back online quickly. Fiercely guarded intellectual property and classified information fetch a premium on the black market.
Kelser Corporation President Jim Parise says, “It may seem like small job shops tucked away in New England towns would be off the radar for hackers, who typically operate internationally. But manufacturing firms with 50-100 employees are actually a sweet spot for cybercrime. Companies that size typically have data worth stealing and a lot to lose if their systems are held hostage for days or longer. They also don’t usually have state-of-the-art defenses.” That is beginning to change, though, thanks in part to new federal standards in NIST 800-171 and, more recently, CMMC, the Cybersecurity Maturity Model Certification.
“The key is for cybersecurity not to be an afterthought. Security needs to be a core principle behind every process and product,” says Parise, whose team at Kelser Corporation in Glastonbury, Connecticut, routinely works with New England manufacturers to recover from and prevent cyber attacks, as well as manage their entire IT infrastructure and strategy. With many manufacturers ramping back up as COVID-19 restrictions are lifted, now could be an ideal time to reexamine how your company operates from a cybersecurity perspective.
How To Prevent The Main Types Of Cyber Attacks Affecting Manufacturers
“No defense is perfect,” says Parise, “but the more aware you are of what to look for, and the more layers of security you have in place, the stronger your position becomes.” While there are many types of cyber attacks (and they are often combined), here are three big ones that affect manufacturers and best practices to combat each.
What is it?
Think of it as cyber extortion. Hackers remotely lock data or systems and demand payment to turn over the key. “For manufacturers, who put so much into optimizing each day for maximum output, it’s maddening to have a cybercriminal come out of nowhere and shut it all down,” says Parise.
How to fight it
• Cybersecurity awareness training – Ransomware typically gets into the system through a phishing email with a malicious link or attachment. Firewalls and filters can prevent employees from opening infected emails, but the strongest defense is a keen eye and a high level of suspicion.
• Backups – While not as good as avoiding the attack in the first place, having a secure backup system that can restore quickly will minimize downtime inflicted by ransomware and avoid difficult decisions about paying hackers.
What is it?
Hackers research your company and create extremely realistic emails designed to trick you into giving them access to data or funds. “This could look like an email from the actual CMS your company uses asking you by name to reset your password,” says Parise. Another common example is an email that appears to be from the CEO demanding an immediate wire transfer to an actual client, using account numbers that, of course, belong to the hacker.
How to fight it
• Manufacturers love finely tuned processes, so strict protocols – such as, no one will email asking for wire transfers, or always confirm transmission of sensitive data by phone or in person – are your best defense here.
IoT Cyber Attacks
What is it?
IoT (internet-of-things) attacks prey on equipment that is connected to the network. “The worst-case scenario for manufacturers is that hackers gain control of expensive CNC machines or other equipment and damage or destroy it,” says Parise. “More often, an IoT device is used as an entry to the company network in order to steal data.”
How to fight it
• Segment your network so that machines and equipment are separated from files and business operations. That way, a breach of an office computer won’t spread to a machine on the shop floor and vice versa.
• Limit connectivity of machines. “Just because you can network equipment, doesn’t mean you should,” says Parise. Leave machines off the network if they don’t need to be there.
• Understand and manage openings through your firewall into your environment. Often, vendors establish connectivity to devices in order to remote in for support, perform upgrades or other maintenance activity.
“When the cyber attack occurred,” remembers Pete Schauster, president of Empire Industries, a pipe hanger manufacturer in Manchester, Connecticut, “questions about inventory from customers that normally took 30 seconds to answer took an hour or two because we had to run out to the warehouse and physically check inventory. And that’s just here in Connecticut. We didn’t have the ability to check inventory in our warehouses in Atlanta or Phoenix. We’re a customer driven company, and not having that system in front of you to answer those questions… the day stops. You can’t generate purchase orders. You can’t ship material. You can’t do anything. It’s a loss of business, for sure.”
Empire was hit with a ransomware attack that shut down the company’s business operations for more than a day. They were lucky: they had backups, and their equipment on the shop floor wasn’t networked with the affected computers in the office. Still, it was a wake-up call. “It can happen to anybody,” says Schauster. “You hear the news about large companies being hacked, and you’re like, ‘That’s never going to happen to us.’ But it did.”
Empire hired Kelser to remediate the attack and shore up their defenses. Now Kelser collaborates with Schauster and Empire’s IT staff on initiatives such as choosing the right cyber risk insurance policy and migrating servers to the cloud. “We’re a small company who has very good retention in our employees,” says Schauster. “Inevitably, you put your blinders up and think of doing things in a way that you’re used to doing them. The cyber attack and bringing in Kelser was the beginning of us thinking about technology strategically. Obviously, everyone uses technology in the building, but how does it relate to where we want to be two, five, 20 years from now?”
NIST, CMMC Set High Bar
NIST 800-171 and CMMC, the Cybersecurity Maturity Model Certification, are federal standards that apply to manufacturers anywhere in the supply chain of the Department of Defense. By the end of 2020, CMMC compliance will be a requirement for DoD contract awards. NIST 800-171 went into effect in 2018, but since it takes time to meet the very strong standard, large manufacturers are only recently beginning to demand compliance of their suppliers, some of which are enlisting the help of IT consultants like Kelser.
“NIST and CMMC are some of the strongest cybersecurity protocols in the world,” says Parise. “Even if compliance isn’t mandated by your customers, these standards provide a valuable roadmap for strengthening a manufacturer’s defenses.”
Take the time to explore the National Institute of Standards and Technology (NIST) cybersecurity framework (this can be found at www.nist.gov/cyberframework), which includes best practices and guidelines you ought to be considering for your own operative IT framework.
Major steps include:
Don’t leave the security of your network to chance. Put a plan in motion today. It’s imperative to your business’s future. Failing to do so places your organization’s internal data in jeopardy, as well as your customers’.