Protecting Manufacturers from Ransomware Attacks
There has been a surge in ransomware attacks in recent years and an even greater acceleration in the first half of 2021. Virtually every type of business is at risk, especially key links in the manufacturing supply chain.
For example, in May 2021, a high-profile attack temporarily shut down operations of the largest gas pipeline in the United States. The owners of the pipeline paid nearly $5 million in ransom to regain access to their servers.
Although the owners were eventually able to recover most of the Bitcoin transferred to the hackers, the lessons are loud and clear: Watch out for similar attacks on your company and take preventive measures to foil prospective hackers.
What Is Ransomware?
Manufacturers account for nearly a quarter of all ransomware attacks — more than any other industry, according to software company Varonis. Ransomware is malware designed to prevent access to a computer system or files until the user meets the perpetrator’s payment demands. Essentially, your computer network is “held for ransom” until those demands are met.
When ransomware was introduced in the 1980s, attacks typically targeted individuals, and payment was made through the regular U.S. mail. Today, high-tech criminals usually go after deeper pockets and often require ransom paid via cryptocurrency.
It doesn’t take much to be infected. Typically, the malware is sent through unsolicited emails as Word files or PDF attachments or a link to a website. When clicked, the attachment or link installs the malware on the user’s computer and, from there, infiltrates the network. Frequently, emails appear to be coming from a legitimate company your firm deals with or someone you know. In other cases, perpetrators pose as law enforcement officials or representatives of federal agencies, such as the FBI, IRS or U.S. Department of Labor.
Once a device has been compromised, the perpetrator has a foothold in your entire IT environment. Until your IT department detects the breach, the hacker is free to explore your network for vulnerabilities and sensitive data and to encrypt data indiscriminately. Then the hacker can demand a ransom for the decryption key needed to restore your access to the network.
How Can You Prevent an Attack?
Protecting your network requires key personnel to identify ransomware before it infects individual computers. Consider the following six best practices:
1. Train users to recognize red flags. Your workforce is your first line of defense against an attack. Employees and other network users — including suppliers and vendors that can access your system — should understand how ransomware attacks happen. Instruct them to exercise caution when opening unsolicited emails and searching the Internet. For example, they should know to report any suspicious emails to your IT department and to verify a sender’s email address before clicking on a link or opening a file.
Require your staff to participate in regular cybersecurity awareness training sessions. This includes assembly line workers, as well as those in the back office and managers. Consider testing methods that simulate actual ransomware attacks to help improve awareness and establish whether your training program is effective.
2. Install the latest IT security products. Take advantage of tools, such as antivirus software, firewalls and email filters. Give your IT department the authority and resources to implement a comprehensive cybersecurity plan.
Cybersecurity is a continuous improvement process. An effective program is always at least one step ahead of the hackers. IT personnel may need additional training to stay atop the latest scams. For example, your staff may need extra training if your company has transitioned to remote working arrangements because remote sites can be more challenging to secure.
3. Stay current on updates. Ensure that all operating systems and applications are updated on users’ computers. If they aren’t, secure the latest patches from verifiable sources. Criminals launching ransomware attacks are known to prey on those with older, more vulnerable systems and applications.
4. Back up files. Perform frequent backups of your system and other important files. If a computer becomes infected with ransomware, you can restore your system to its previous state using backups if you catch the attack before the perpetrator encrypts the data.
Store backups on a device that’s separate from the network, such as an external hard drive or cloud account.
5. Obtain cyber insurance. Many manufacturers buy cyber liability and breach response insurance to fortify their defenses against losses from ransomware attacks. Professional and general business liability insurance policies generally don’t cover losses related to a hacking incident.
Cyber liability insurance can cover a variety of risks, depending on the scope of the policy. Typically, it protects against liability or losses that come from unauthorized access to your company’s electronic data and software. Certain modifications or addendums may be available based on the nature of your operations. For example, there may be policies customized for manufacturers in the health care industry.
Instead of purchasing a standalone cyber liability policy, you might add a cyber liability endorsement to your errors and omissions policy. Note that coverage through an endorsement isn’t as extensive as coverage in a standalone policy.
You should carefully read your cyber policies to understand what types of incidents are specifically excluded from coverage. Reminder: Cyber liability insurance is not a replacement for sound cybersecurity policies and procedures. Other well-resourced preventive measures can also reduce your premiums for cyber insurance.
6. Devise a formal plan. If your company is hit with a ransomware attack, will you pay the ransom? This is a high-level decision that requires a comprehensive analysis. Last fall, the U.S. Treasury Department advised ransomware victims that they may be subject to sanctions and legal liability if they facilitate ransom payments to hackers. So, discuss your response plan with in-house IT personnel and outside financial, legal and insurance professionals.
Elevating Ransomware to a National Security Threat
Earlier this year, U.S. Department of Homeland Security (DHS) Secretary Alejandro Mayorkas announced that ransomware is now considered a national security threat that will require a “whole-of-government” approach and robust international cooperation. Mayorkas’ announcement signals a major elevation in priority under his leadership.
Since the announcement, DHS has helped coordinate a Ransomware Task Force (RTF) that includes organizations across the public and private sectors. The RTF recently published a report, Combating Ransomware: A Comprehensive Framework for Action, which emphasizes the national security threats that ransomware attacks pose to critical infrastructure and public health, as well as the loss of data and privacy they cause.
The report reveals that 2,400 public entities were victims of ransomware in 2020. Ransom payments by private and public victims totaled roughly $350 million in 2020 — more than triple the total ransomware payments reported in 2019.
Other key findings of the RTF report include:
- In 2020, the average downtime from a ransomware attack was 21 days. The average time for an organization to fully recover from an attack was 287 days — more than nine months.
- The average ransom paid in an attack was $312,493 in 2020. This represents a 171% increase over 2019.
- In 2020, 51% of organizations had been hit by ransomware, and 73% of those attacks had been successful in encrypting data.
- Ransomware attacks are currently the most common cyber insurance claim reported.
The RTF plans to focus on ways to deter ransomware attacks, disrupt the ransomware business model, and help public and private entities prepare for and respond to these attacks.
Manufacturers can’t afford to ignore the ever-growing threat of ransomware. Kirsch CPA Group can help find cost-effective ways to minimize your risk and safeguard your data.
© Copyright 2021. All rights reserved.