When businesses hear business continuity or disaster recovery, they think of a catastrophic event such as a natural disaster or political upheaval. Depending on its location, a company may consider a disruption of services, such as a power loss, a part of business continuity planning. But today’s manufacturers need to consider cyberattacks, including insider attacks, in their business continuity plans.
Approximately 48% of manufacturers have experienced some form of cyberattack. About half of those companies suffered financial loss or disruption in business operations as a result. The manufacturing industry may not realize it, but it has become the most targeted industry for cyberattacks. Yet, most businesses do not include an explicit continuity plan for their IT assets.
Why is Manufacturing a Target?
Because the media tends to report on data breaches that impact consumers, the manufacturing industry may not view itself as a target. That’s not true. The primary motives for cyberattacks on manufacturing are financial gain (53%) and industrial espionage (47%). In manufacturing, 86% of cyberattacks are targeted. Professional hackers (threat actors) are looking for opportunities that will ensure a substantial return on investment. Manufacturers can provide that larger return because they have:
- Intellectual property
- Security intelligence
- Supply chain vulnerability
Threat actors are looking to steal information on products, processes, or technology that is of value, whether it’s to a competitor or a country.
Intellectual property includes inventions, designs, brand names, or processes. It is the secret sauce for a Big Mac or the recipe for Coca-Cola. Although intellectual property is protected by patents, copyrights, and trademarks, it is not protected against cyberattacks.
Not all manufacturers are the target of hackers looking to compromise a business or create havoc. Professional hackers may be looking for information that can be sold on the black market. Never think your company is too small to be a target. A small business that makes a keypad for utility companies can be a target if the schematics could help bypass security at multiple utility companies or financial institutions. Companies that perform work for a government are especially targeted. What foreign power wouldn't be interested in another country's defense or weapon systems?
According to Secureworks, the amount of time it takes to address an intelligence-based attack has increased by 500% since 2016. That means the attacks are becoming more sophisticated, making them more difficult and costly to resolve. The estimated cost to resolve a data breach in 2019 ranges from $1.25 million to $8.19 million.
Supply Chain Vulnerability
A very small number of global attacks occur because of a supply chain vulnerability, but they can be the most destructive. A threat can be injected into any point in the supply chain. It can then be spread throughout suppliers. The level of replication is one reason supply chain vulnerability is the most costly to contain. Combining high-value targets with known vulnerabilities makes manufacturing a prime target.
Why a Cybersecurity Continuity Plan?
Business continuity refers to how a company plans to return to full operation after a disruption in operations. It differs from a disaster recovery plan in scope. A disaster recovery plan focuses on bringing a company's critical services back into operation as quickly as possible. A continuity plan is concerned with returning an organization to full operation after a disruption in service.
Most business continuity and disaster recovery plans assume that IT is not the source of the disruption. The plans assume that IT will return to full operation once the outage is resolved. But what happens when a company's IT infrastructure has been breached? How does a business recover when the failure impacts every aspect of operations?
That's why it is crucial to have a business continuity plan for cyberattacks, one that considers the following:
- What are the possible threats?
- What is the impact of each threat?
- Is it possible to mitigate a disruption?
- How will full operations be restored?
These cyber-specific concerns are in addition to the areas covered in a traditional business continuity plan.
Look at every device connected to the network. That includes the environmental sensor on the factory floor as well as laptops and cell phones. It’s unlikely that a sensor poses a severe threat, but if it is connected to the network, it needs to be included. It’s hard to protect against something that was never identified. And yes, this process is going to take time -- probably lots of time. But weigh that against this statistic: 60% of small-to-mid-sized businesses fail within six months of a cyberattack.
After the possible threats are identified, determine their impact on operations. What happens if a software update to a factory floor device contains malware or ransomware? Are factory devices isolated so the threat can be contained? Or suppose someone opens an email attachment -- no matter how many times they've been told not to -- and releases a virus. How quickly will that virus move through the network? Be sure to prioritize the different scenarios so the most catastrophic ones are addressed first.
Once threats and their corresponding impacts are known, how can these potential attacks be mitigated? Are there ways to segregate your devices to contain the threat? Does the process for testing updates and fixes prior to installation need revising? Should ongoing training be used to remind employees of security practices? Does the network security need to be strengthened? Stopping an attack before it happens or limiting its impact are the best ways to ensure business continuity.
Return to Service
Every continuity plan needs a procedure for returning to full operation. Using a systematic approach allows for a fall-back point in case unresolved issues appear as service is restored. It is important to ensure that the infrastructure is stable at each point in the process. No one wants a repeated disruption in service. Disaster recovery sites can help mitigate the disruption in service to allow a controlled return to full operation.
How Knowledge Management Tools Can Help
Whether you enlist the help of a cybersecurity expert or a disaster recovery planner, either will recommend the following as ways to mitigate the impact of cyberattacks:
- Educate Employees - Make sure every employee is trained on what to look for when opening emails or installing software updates. Show employees how to detect changes in equipment performance that might indicate cyber attempts. Keep the training current and repeat as needed to keep up with technology.
- Revise Procedures - Take time to review and revise all processes. Define how and when the documentation will be updated so it stays current. New ways to commit a cyberattack are created daily. Don't let your process fall behind.
The right platform can facilitate the review of existing procedures and streamline the updating process. It can provide the necessary training in ways that engage employees. To learn more about how a platform best supports your continuity planning, contact us.