9 ways to protect manufacturing from ransomware

Ransomware continues to cause havoc across the manufacturing industry. In 2021, for example, ransomware accounted for 23% of cyberattacks. Threat actors understand the critical role manufacturing and energy businesses have in global supply chains. A single ransomware attack could take just 11 seconds, and tapping into these organizations can have a ripple effect across a number of industries. 

Security researchers at cybersecurity firm Dragos announced that while there is evidence of a slight decrease in ransomware attacks on industrial systems following the shutdown of the Conti ransomware group in Q2, several attacks had devastating effects. Case in point: the LockBit ransomware group attacked a Foxconn factory in Mexico in May, which forced a weeks-long closure at the company. 

On average, a ransomware attack could cost $4.54 million, and that’s not taking into consideration the additional downtime cost. And this is likely to be why manufacturing, and those with operational technology (OT) networks especially, are attractive targets to ransomware attackers. In 2021, 36% of attacks on OT-connected organizations were ransomware. 

What can manufacturing businesses do to prevent ransomware attacks and limit their impact? Here are nine ways.

1. Train Your Employees on Cybersecurity

Ransomware attacks are predominately delivered by phishing campaigns, and this doesn’t just include emails – operations that added phone calls were three times more effective. According to a report by Verizon, 82% of data breaches involve a human element; therefore, training your employees on the types of cybersecurity attacks, associated threats and how to guard against them will help decrease the likelihood of an attack.

2. Backup Your Data and Have a Recovery Plan In Place

Backing up your data regularly won’t prevent an attack from occurring, but it will minimize the damage caused and give the best chance to help a business recover from ransomware. Don’t forget to protect the backup from other cyber threats too.

3. Conduct Regular Patching and Updates on Software Used Within The Company

Attackers will, more often than not, find entry points to company systems through software vulnerabilities. While developers will generally actively search for these vulnerabilities and release patches for them, 60% of companies don’t patch their systems on a regular basis. But by patching and updating the software regularly, businesses can strengthen and safeguard against any potential weaknesses. 

4. Have the Appropriate Insurance In Place

Cyberattacks like ransomware are not covered under a traditional business policy. Instead, it will be a dedicated cyber insurance policy. Cybersecurity insurance policies may help cover the financial losses that result from cyber threats and help with other costs the business may incur with remediation, including legal assistance, investigators, crisis communications and customer credits and refunds.

5. Implement or review your Bring Your Own Device (BYOD) Policy

According to ProofPoint’s State of Phish report, 74% of survey respondents said they use one or more of their own devices for work-related purposes. If your employees are using their own devices, consider implementing a BYOD policy, and if you have one already in place, review it for potential vulnerabilities. 

6. Invest In Password Security and Multi-Factor Authentication

Usernames and passwords, also known as single-factor authentication methods, are no longer a sufficient security control measure. Many tools, such as password generators and password managers, are available to help manage and maintain the number of login details; however, it is also worth considering investing in 2nd Factor Authentication (2FA) as an additional layer of security. There are several types of 2FA, such as SMS, digital certificates based on PKI technology, biometrics, and soft and hardware tokens, to name a few. There are pros and cons with each method that should be evaluated on a number of factors, including usability, cost, and risk of breach.

2FA provides an additional layer of protection by requiring the user to provide additional credentials, which is becoming even more popular as more and more corporate recourses are being accessed outside the network perimeter. Additionally, as privacy laws and high-stakes B2C applications come online, 2nd-factor authentication credentials are becoming more the norm than the exception.

7. Secure Your Emails with S/MIME

Many social engineering tactics are used to execute a ransomware attack, but more than 90% are performed through phishing emails. Organization emails can be protected with a protocol called S/MIME. 

S/MIME uses Public Key Infrastructure (PKI) technology and can protect emails that are sent from your company in three main ways; by providing strong assurances when backed by a trusted Certificate Authority of the sender’s identity protecting the communication’s confidentiality while in transit on mail servers through the use of encryption and message integrity through validation processes that can ensure the message wasn’t altered. 

8. Complete regular security audits

An internal and external security audit should be conducted on a regular basis to continuously monitor activity, assets and deployment of technologies to contain threats. Each audit will be unique to an individual organization, and the following list is not exhaustive of all the options that should be covered. Reviews should include; data security, operational security, network security, system security and physical security.

9. Have an Incident Response Plan and Team in Place

So far in this article, we have covered the ways in which you can actively put procedures and technologies in place to limit the likelihood of a ransomware attack from occurring, but what happens if your organization does fall victim and become infected?

Having an Incident Response Plan (IRP) in place will reduce the impact of how such an attack affects the business. The IRP should be drafted, by a chief information security officer (CISO) or by a committee (also known as the Incident Response Team (IRT)), in preparation for such an attack and rehearsed. 

Cybersecurity measures against ransomware are essential

Last year, for the first time since 2016, manufacturing was the most attacked industry, with ransomware being the number one attack type. With the number of manufacturing organizations growing annually by approximately 3.8% (on average), it is essential to introduce cybersecurity measures. Should an unfortunate event occur, and your organization does become infected with ransomware, all the above steps should help to minimize the impact.