For companies in the manufacturing industry, ransomware attacks have become a pervasive threat. Since many manufacturers are unable to remain locked out of their operational technology (OT) networks, hackers are targeting them with ransomware. During a ransomware attack, hackers use encryption to lock access to systems or files until their demand for a ransom payment is met. Without access to these necessary systems, manufacturing companies cannot carry out their typical operational activities.
What Are Threat Actors After?
The manufacturing industry is one of the most highly targeted with ransomware by cybercriminals. In 2019 alone, over $11 million was transferred to hackers to meet ransom demands, with 62% of the payments coming from organizations in the manufacturing sector. One of the largest targets in these attacks is money. Manufacturers can not afford to halt production or undergo disruptions to their supply chain, so they are often likely to pay the ransom demanded. However, in addition to monetary rewards, hackers may be in search of intellectual property and other sensitive information stored within the systems they are attacking.
Despite a manufacturing organization’s likelihood to pay the ransom demanded, they must be cognizant of new advisories against doing so, issued by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). OFAC warns that paying hackers during a ransomware attack not only encourages this type of attack to continue but violates regulations. The manufacturing sector stands to face steep fines if payments are sent to sanctioned entities, which will greatly increase the cost of the ransomware attack.
How Manufacturing Companies Can Protect Themselves from Ransomware Attacks
In response to the growing threat posed to the manufacturing sector, there are many ways that they can better defend themselves against future ransomware attacks. Some of these methods include:
- Stay Up-to-Date: Hackers are continually on the lookout for vulnerabilities they can exploit to place ransomware on your network. By applying patches and making sure that your system is always up-to-date, hackers will have a more difficult time getting access to the information they are looking for. With a third of IT professionals admitting that cybersecurity breaches have occurred as a direct result of unpatched vulnerabilities, this remains a popular method of attack for hackers. This was seen in 2017 when unpatched Windows systems left manufacturers suffering from hundreds of millions of dollars in damages, which could have been prevented by keeping systems updated.
- Backup Essential Data: If your organization is faced with a ransomware attack, make sure that you are prepared with backups of everything. It will be less intimidating knowing that the data hackers have locked or destroyed had another copy in an alternate location. However, since hackers can also get into backup systems, it is important to make sure they are either stored in the cloud or a local, offline storage device.
- Employee Training: Email remains to be another popular method of delivery for ransomware since it is both cheap and effective. To best protect against this threat, employees should receive training on how to detect and avoid suspicious emails. Employees should avoid opening links from unknown senders, clicking on links that may be illegitimate, and downloading attachments.
- Simulate Attacks: One of the best ways to be prepared for a ransomware attack is to test your defenses. Using a product like rThreat’s Breach and Attack Simulation technology, you can identify weaknesses in your cybersecurity defenses. By finding (and fixing) these weaknesses before attack groups do, you can maintain the security of sensitive information and critical systems.
- Know What’s Connected: With a growing number of devices connected to company networks, especially with the increased amount of people working from home, knowing what is connected is essential in preventing cyber threats. Some devices lack sophisticated built-in security, so identifying these devices will make you aware of potential routes attack groups may use to infiltrate your network.
Do you want to learn more about cybersecurity? Please subscribe to our newsletter.