Smaller manufacturers in West Michigan enjoy a general perception that their businesses are low on the totem pole when it comes to software hacking, phishing, malware and ransomware attacks.
But during the past three years, manufacturing has joined finance and healthcare as one of the top three business sectors targeted by cyber crooks and foreign nationals who scour the internet for ways to extort money and steal trade secrets, experts say.
Michigan Manufacturing Sector Survey:
MiBiz and the Michigan Manufacturing Technology Center-West are gathering information for a report on cybersecurity in Michigan's manufacturing industry. We would like to hear about your opinions, experience or knowledge of the subject in this anonymous survey. Please join your peers in taking this 7-question survey that should take no more than 2 minutes. Thank you.
“Manufacturing is a much more popular target now than three years ago because, generally speaking, those types of companies tend to have less sophisticated cybersecurity measures in place and more potential areas of profit for a hacker,” said Ryan Bonner, vice president of customer success at Brightline Technologies Inc. in Brighton.
At a basic level, manufacturing companies are vulnerable to the same attacks as banks, health care agencies, governments and transportation agencies when it comes to ransomware and denial-of-service attacks, but they often are unprepared for the event, Bonner said.
Distributed denial-of-service (DDoS)
A DDoS attack occurs when a perpetrator disrupts use of a company’s information or internet services, often by “flooding” a network with information requests. In October last year, hackers took control of household devices with a malware called Mirai that directed huge amounts of bogus internet traffic at a major provider internet services to other companies.
In a ransomware attack, the perpetrator secretly encrypts all of a company’s data, making the information completely unusable unless the company pays a ransom to release the data from encryption. Often, the only recourse is to abandon the encrypted data and restore data from an older backup. “Unless you back up your data often and on a regular basis, targets of ransomware can end up spending a lot of money or risk losing their data altogether,” Bonner said.
“A major problem with these types of attacks is the interruption of the business function — the potential loss of a customer or a tarnished reputation,” he added. “A lot of manufacturers operate on tight deadlines, and these types of interruptions can be costly.”
Other areas for criminal activity include rerouting ACH transfers of money or payroll payments. Bonner said manufacturers that perform their own payroll functions can be hacked to re-route payroll transfers into dummy accounts or gift cards. In an ACH transaction fraud, a hacker monitors email accounts of a company to determine the day that a large payment is to be received via ACH. The perpetrator hijacks an email account of an appropriate person in accounting and “spoofs” an email message from that individual, directing the outside organization to make their payment to an alternate account.
“In cases like these, we ask manufacturers whether their staff has been adequately trained to spot the most common types of cyberattacks such as phishing, malicious URLs and social engineering,’ Bonner said. “Companies also should review if they have a way to know the reputation of a link before it is allowed to execute, and if their external IT provider will alert them to security risks.”
After a company is hacked, it has a 4 times greater chance of being hacked again in a year because it often is marked as an “exploitable target.” This is also due to the fact that it takes the average business 240 days to discover they have been hacked, allowing the hacker to return to the source on multiple occasions.
Some manufacturers have additional risks from cyberattacks associated with the types of products they make, especially if the products are used in Department of Defense applications.
“Manufacturers that sell to the U.S. military should review all of their contracts and fully understand the ramifications of contractual clauses such as DFARS 252.204-7012, a clause that exposes a company to civil and criminal actions in the case of an unreported information breach,” Bonner said.
Large corporations such as Boeing and Lockheed Martin Corp. and the U.S. government itself are frequent targets for cyberattacks, as well as smaller manufacturers that may supply only one component to these larger companies. In 2014, U.S. authorities arrested a Chinese businessman on charges of hacking into the computer systems of U.S. companies with defense contracts to steal data on the latest F-35 JSF jet.
“There’s a reason why the Chinese now have a close facsimile of the F-35 joint strike fighter on their tarmacs,” Bonner said. “They were able to steal the design — piece by piece — using hacking techniques in order to build the plane.”
Even though they may not perform defense work, companies that are “rich in intellectual property” developed in-house or shared by their customers are often targeted by cyber criminals or foreign nationals as well.
“The bottom line is that manufacturers can’t afford to think they won’t be targets,” Bonner said. “Hackers have discovered that manufacturing can be a very lucrative sector to attack, partly because most manufacturers haven’t installed the same safeguards as the financial and health care sectors.”