By Bruce Geiselman
Even though small companies often incorrectly believe they’re not attractive targets, the computer networks of all manufacturers are at risk of ransomware attacks and other cybercrimes.
“The risks out there are plentiful; that's the unfortunate part of this, and it doesn't matter what size you are, you can be on their on their list for attacks,” said Erich Kron, a security awareness advocate for KnowBe4, a cybersecurity company that emphasizes employee education.
Ransomware is a hot topic these days because of the attention it has garnered in the news media with some high-profile cases like the Colonial Pipeline ransomware attack in 2021 and more recent attacks on hospitals and health care systems.
“Manufacturing is one of the top organizations or top industries impacted by ransomware,” Kron said. “You see manufacturing, health care and local governments on there a lot, mostly because like manufacturing, health care is very time-sensitive. ... It's the same thing in manufacturing. Again, you want to get that line running. Otherwise, things get things get real ugly, real quick.”
Ransomware involves cybercriminals getting into a network and taking information that’s valuable by stealing a copy of it. Then, they encrypt data on the victim’s network so the victim can’t use it, Kron said.
“It’s not something you’re going to be able to beat quickly,” Kron said. “That tends to throw, especially manufacturing organizations, into chaos because it can take down their production line. It can take down all the systems where you’re doing your invoicing and your ordering.”
Manufacturers are becoming more vulnerable to ransomware as more of them adopt just-in-time strategies where they don’t have large inventories of raw materials and must make timely deliveries to clients.
The No. 1 way bad actors get into a network is through “simple, old-fashioned email phishing,” hoping to trick at least one person into opening a file containing a virus, Kron said. A variation on that involves distributing infected USB drives with the hope someone will plug one into a network-connected computer.
Remote access, which has gained in popularity with more employees working from home and signing into work networks, presents another vulnerability.
“It’s because accounts that access the system may have very poor passwords that are easily guessed,” Kron said.
Sometimes, a would-be hacker calls an employee of a targeted company claiming to be an IT department employee who is trying to resolve some network issues. The bogus IT worker attempts to convince the employee to divulge his or her username and password. Then, the cybercriminal has direct access into a company’s network.
To combat unauthorized remote network access, Kron recommended that companies use multifactor authentication to verify employee identities. In addition, Kron recommends educating employees on the importance of not reusing the same passwords on different websites and services. There have been well-publicized cases of cybercriminals stealing usernames and passwords during data breaches involving companies and online email and social media sites. Other criminals buying those usernames and passwords on the dark web can then use automated programs to find other websites or computer networks on which the usernames and passwords will work.
For user convenience, Kron recommends the use of password vaults that generate random passwords and store them securely. Some of the programs even automatically fill in the passwords in a web browser for the user.
“They’re great, great tools, and they’re generally very inexpensive,” he said. “There are even some good free ones out there.”
Kron said separate password vault programs are generally more secure than storing a password in a web browser.
If a company falls victim to a ransomware attack, it can be a difficult decision as to whether to pay the ransom or try to recover on your own.
“We never recommend paying the ransom,” Kron said. “The truth of the matter is, sometimes you have to.”
One thing companies can do to help recover more quickly from a ransomware attack is to ensure they have recent data backups.
“That’s something you have to plan on beforehand, to make sure you have backups to get your systems up and running,” Kron said.
Even if a company has backups to restore encrypted data, it could face extortion demands from cybercriminals who made copies of confidential information about the company, and its employees and customers. The cybercriminals typically threaten to release the information, possibly including Social Security numbers and banking information, on the dark web. Only if a victim agrees to pay will the cybercriminal promise not to make the information public. While that promise sounds great in theory, it’s coming from criminals who illegally broke into your network, Kron said.
Those who pay ransoms generally get their information back. However, some of the data might be corrupted and unrecoverable.
“Generally speaking, people will get most of their data back, but that doesn't mean that you're done with dealing with the issue,” Kron said. “The problem is, these cybercriminals were in your network. You still have to figure out how they got in your network and make sure that you've closed that door and any other doors that they've opened for themselves to come back later. Otherwise, they'll just re-infect you.”
Kron cited as an example a company from the UK that paid about $3 million in ransom, recovered its data and got back up and running only to be hit by the same cybercriminals 30 days later with another ransom demand.
While human error is the most frequent way cybercriminals access a network, they also can break in by finding unprotected internet-connected devices.
“IOT devices, including TVs that are plugged in, are absolutely a risk,” Kron said. “Nobody thinks about it for a while and it doesn't get security patches or updates. Then it’s vulnerable to an attack. The bad actors … could use that as a springboard to move around within the network.”
Contact:
KnowBe4 USA, Clearwater, Fla., 855-566-9234, www.knowbe4.com
Bruce Geiselman, senior staff reporter
