Prepare a cyber defence

Life was so much simpler when computers were subject to malware attacks from worms that infiltrated e-mail systems, stole Outlook contacts and allowed anonymous felons to plague friends, family and business associates.

Computer systems and the data they manage are now subject to much greater risks thanks to state- or otherwise privately supported interlopers who have elevated hacking to a sixth-column of hybrid warfare between states and/or business interests looking to either disrupt operations or steal intellectual property, trade secrets and other sensitive business information.

As governments scramble to get ahead of the geniuses that are relentlessly poking and prodding sophisticated barriers looking for a way in, manufacturers need to be aware of the threat to their businesses and place cyber security high on the action list. The need to address this issue is especially pressing for companies that in addition to protecting IT systems, also adopt smart technologies to access sensitive business and plant information that resides on the ground or somewhere in the “Cloud” using tablets, laptops, cellphones and other devices anywhere, any time, in real time.

Last year’s incursion into the National Research Council’s system by what Canadian authorities are identifying as China-sponsored hackers served as a flashing red alert for manufacturers. The intruders were lurking in NRC’s client information, shopping for innovations and competitive information. The IT system had to be shut down and isolated, and now the Harper government is looking for $32.5 million to finance a new NRC telecommunications and IT strategy.

A Fraser Institute report (Cybersecurity Challenges for Canada and the United States) provides a comprehensive look at the issue and it advocates greater cooperation and sharing between the two trade partners.

There is certainly common cause and the cost to business is astronomical.

The think tank references a 2014 study by the Center for Strategic and International Studies (CSIS) on behalf of McAfee, the security software firm, which estimates the global cost of cyber incursions at between $375 billion and $575 billion. Other studies place the damage much higher (in the trillion-dollar range).

CSIS says the cost to Canada appears to be much lower than the cost to the US (0.17% vs. 0.64% of GDP), but suggests the gap may be exaggerated by a lack of systematic data and under reporting.

Another McAfee study involving IT pros pegs the average cost of a breach and loss of intellectual property at $600,000.
Verizon’s 2014 Data Breach Investigations Report (www.verizonenterprise.com) – based on 63,000 incidents in 95 countries – offers a helpful list of the most common attacks. Manufacturers should be especially aware of the following and what to do:

• Crimeware (use of malware). Patch anti-virus and browsers. Disable Java in the browser. Use two-factor authentication. Implement configuration change monitoring.
• Web app attacks (on content management systems or e-commerce platforms). Use two-factor authentication. Consider switching to a static CMS. Enforce lockout policies. Monitor outbound connections.
• Cyber espionage (state-affiliated, targetting intellectual property). Ensure that servers are patched promptly and only give access to people that need it. Segregate key servers. Test your anti-DoS service. Key operations teams need to know how to react if there is an attack.

Be vigilant. Think of cyber security as a shifting target. Continually assess your level of risk, evolve your security measures with developments on the battlefield and don’t let your guard down. Cyber malefactors are like super bacteria: they’re relentless and won’t be put down for long.