You are a hacker’s target: What you need to know
By Imran Ahmad and Katherine Barbacki
Innovation & Technology Manufacturing cyber attack hackers manufacturing RansomwareBeing prepared reduces the risk and minimizes the impact of a cyber attack.
Respond quickly to cyber attacks. PHOTO: ADOBE STOCK
There has been a marked increase in cyber attacks on organizations of all sizes, with ransomware being the leading threat for manufacturers.
It costs hackers almost nothing to launch an attack, and there’s potential for a major payday if they are successful. This is because hackers can easily infect a desktop, a server or an entire network – typically through a simple phishing e-mail – and completely paralyze operations in a matter of minutes. And they look for payment in an untraceable cryptocurrency (such as bitcoin).
As manufacturing becomes more complex and increasingly dependant on technology and data, the risks posed by ransomware attacks should not be taken lightly.
Ransomware is a type of software that infects a computer, a server or an entire network and encrypts the data. There’s typically a demand for a payment in exchange for the decryption key that recovers the data. Often, an end user who mistakenly clicks or opens a malicious link or file installs ransomware.
Because of the sophisticated nature of certain new types of ransomware variants, hackers are successfully bringing manufacturers’ operations to a standstill until payment is made. This is happening despite manufacturers making significant investments in IT security, processes and technologies. Often ransomware infects backups, rendering them useless. This presents an unpleasant dilemma: refuse to pay and be offline for a prolonged period or pay and get right back to business.
Putting aside the ransom amount, the greatest impact comes from the costs related to recovery and business interruption. For example, Norsk Hydro, a global aluminum producer, was the target of a devastating ransomware attack that has so far cost the company approximately $73 million. It paralyzes IT systems and forced the company to temporarily shut down certain production plants. Similarly, a recent attack on Asco Industries, a global aerospace company, was targeted by an attack that affected a major part of its operational activities, especially plants in Belgium, Canada, the US and Germany, and caused a month-long reduction in production.
Crippling attack
Some companies have paid large ransoms, resulting in lengthy and expensive restoration efforts, and costs arising from the interruption to business.
This is not solely an IT issue and no technology immunizes a business from a potential attack. But there are specific steps you can take to lessen the likelihood of a crippling attack.
Here are six tips:
1. Check your backups. Make sure they can be used for quick restoration, that they’re segregated and that the backup is done frequently (daily if possible). Backups on tapes are generally ineffective and time-consuming.
2. Have a cyber incident response plan. Do you know what to do and who to call (police, IT service provider, your lawyer) when you receive a ransom note from the hacker? Don’t respond to the hacker yourself. Unsure? Revisit your response plan.
3. Get cyber insurance. Most cyber policies will offer extortion coverage, including refunding the manufacturer for any ransom payment. Review insurance coverage with your broker and understand what coverage is available. Insurance also provides access to cyber specialists (lawyers, forensic firms, crisis communications firms). The advantage is they’ll have been vetted by the insurer and have pre-negotiated rates.
4. Figure out your cash situation. Hackers will likely want to be paid in bitcoins. Firms that make the payment on your behalf will need to be paid upfront. Determine whether you can quickly wire funds, if needed.
5. Communication with customers. If the business is offline for a material period, have a plan for what you tell customers. Ensure the incident doesn’t have a long-term, negative impact on your relationship.
6. Employees are the weakest link. After an attack, most forensic investigations reveal that “patient zero” was an e-mail received by an employee who clicked on a suspicious link or file. Employees will make mistakes and that’s okay; however, they need to know they should report the mistake quickly and to the right people, without fear of losing their job. Regular training is key to educate them on proper cyber hygiene and protocols.
Ransomware attacks will only increase in frequency, complexity and impact. Understand what needs to be done, in what sequence and by whom. Preparation goes a long way to minimize their impact.
Imran Ahmad is a partner at law firm Blake, Cassels & Graydon LLP in Toronto. E-mail imran.ahmad@blakes.com or call (416) 863-4329. Katherine Barbacki is an associate at the firm’s Montreal office. E-mail katherine.barbacki@blakes.com or call (514) 982-4128.
This article appeared in the October 2019 print edition of PLANT Magazine.
