In the last year, large manufacturers have been hit hard by cybersecurity attacks. In August of 2023, Clorox disclosed an incident in its Form 8-K filing with the Securities and Exchange Commission that forced the company to take certain systems offline, with a material impact on the company’s operations. Overall, the company reported approximately $49 million in costs related to the incident. Nevertheless, manufacturing companies continue to put cybersecurity on the back burner of priorities and budget spend—to their own peril.
We spoke with Sarah Sargent of Godfrey & Kahn s.c. about the top five most common cybersecurity questions her law firm hears from manufacturers and what they can be doing to improve data security in the manufacturing industry.
Why should manufacturing companies care about cybersecurity?
As seen by Clorox’s incident, cybersecurity incidents such as ransomware attacks often require forensic security firms, lawyers, and IT restoration providers to investigate and remediate an incident—at significant expense. Additionally, cybersecurity incidents can cripple a manufacturer’s ability to conduct business. Manufacturers often rely heavily on computer systems and technology in their plants and production processes. If employees cannot access those systems, it brings production to a standstill, which can have significant revenue implications.
Why would a threat actor target a manufacturer?
Threat actors (or hackers) do not discriminate based on company size or industry. If they believe you might pay a ransom or have valuable information they can steal and sell, you are a target. Threat actors also frequently attempt to intercept wire transfers, which most companies utilize on occasion. It can also be easy to forget that manufacturers possess employees’ personal information, sensitive intellectual property, and confidential business data. All this information can be valuable to a threat actor.
What unique risks should manufacturers consider when making cybersecurity plans?
Often, manufacturers employ at least some production line employees who don’t have job functions to perform if the production line is shut down. Leadership teams should decide what they would do with this segment of employees in the event of a cybersecurity attack that shuts down production. Is there another function some employees could perform? If not, would the company ask employees to take PTO? Manufacturers should work with legal counsel to determine how to handle such situations before an incident occurs.
When planning for a cybersecurity incident, manufacturers should also prioritize which IT systems and functions are critical to production. Long before systems are shut down or encrypted by ransomware, the company should have prepared a list of which systems to restore first. Additionally, the company should have emergency contacts for any vendors that are needed to restore critical production systems. This will help speed up restoration efforts to get production back online and help shore up supply chain security.
Manufacturers should also have a process for verifying and vetting any new customers. Threat actors often pose as another company (usually a large corporation) and place an order with payment due when the product is shipped. Threat actors can then resell the products without ever having to pay for them. To combat this, companies should have a process to verify the identity of any new customer.
What are the most common cybersecurity mistakes manufacturers make?
All too often we see instances where cybersecurity is just not a priority for manufacturers. Sometimes this is evident in how slow the company is to adopt and roll out security measures or in its lack of cybersecurity training for employees.
Another common mistake is not conducting incident response planning. When a company does not identify who is in charge of handling an incident or what steps should be taken, it can significantly slow down the investigation and recovery process. This leads to longer downtime and higher costs.
What are some best practices manufacturers should follow to increase and improve data security in manufacturing?
Manufacturers should properly invest in cybersecurity. The company should have an incident response plan, and the plan should identify which vendors—for instance, law firms and forensic security firms—the company will use in an incident. The company should also practice the incident response plan through tabletop exercises (or mock security incidents) with its law firm. These help prepare the company for handling a real incident.
Manufacturers should regularly undergo third-party security audits and promptly remediate any identified risks. Audits help the company ensure that it is staying up to date on the latest security measures to prevent incidents.
In summary, all companies (including manufacturers) should prepare for cybersecurity incidents.
For more information about cybersecurity, contact Sarah Sargent and Godfrey & Kahn’s Cybersecurity and Privacy team at [email protected].