Manufacturing, just like any other industry today, relies on computer networks to house everything from trade secrets to customer information. Unlike other industries, however, manufacturing is the target of a particular information security threat: cyber-espionage.
In fact, Verizon’s 2016 Data Breach Investigations Report (DBIR) revealed that manufacturing is the second-most targeted industry within the United States (the public sector being the first).
In order to protect your business, it’s essential to understand why manufacturing networks are most vulnerable to cyber-espionage, and how best to handle these threats.
What is Cyber-Espionage?
It’s just what it sounds like – spying that takes place digitally. The crime often involves stealing a company’s valuable and private information, including email conversations, documents, and even prototype designs, to use for a competing business (or group of businesses). As more and more companies are storing high-value information online, and using digital systems to track and manage production, the threat of cyber-espionage is a serious one; especially across competing national economies.
Two Types of Cyber-Espionage
As a business owner, it’s important to watch out for two common types of cyber-espionage: intrusion and interception.
Intrusion involves hackers entering your company system, whether physically or remotely – think of this as a digital breaking and entering. While it’s helpful to install protective patches and updates to your various software, cyber-espionage can also come via deceptively trustworthy sources (a technique known as phishing). In 2010, Chinese hackers were accused of stealing business intelligence from U.S. Steel on behalf of Chinese companies. The cyber attackers had slipped into the company servers through masterfully cloaked spam emails. Emails designed to look like they were from the company’s CEO contained a link to malware, which some employees clicked – giving the hackers access to host names of 1,700 servers which controlled U.S. Steel’s networks and facilities.
Interception occurs when data is compromised as it’s moved from one node to another – think of this as stealing a message in transit. These attacks can include phone tapping, interception payments and shipments, and leaking information during data transfers. While these describe the two most common forms of cyber-espionage, don’t underestimate the various possible source points for penetration.
Tips to Protect Your Business from Cyber-Espionage
Taking steps to prevent an attack on your organization involves assessing your current networks, identifying potential weaknesses or vulnerabilities, and implementing strong preventative measures. Here are a few good protective actions to start with:
- Understand your specific threats. According to the DBIR report, 90% of cyber-espionage breaches analyzed (out of 154 total) involved the stealing of proprietary information. Intellectual property is also a top target; this could include marketing strategy for a brand manufacturer, or production processes for a commodity component manufacturer. Identify which aspects of your company’s assets would be most valued by others – and build up security for those relevant systems.
- Implement endpoint protection. When it comes to protecting against malware, organizations have a variety of options to choose from. Suggestions range from updating browsers and plugins to Data Execution Prevention (DEP), and Endpoint Threat Detection and Response (ETDR).
- Protect emails. A whopping 68 of the 154 cyber-espionage cases Verizon analyzed involved phishing. Bulk up your email security by incorporating blocked email lists, spam protection, and static/dynamic email attachment and URL analysis.
- Invest in employee training. The phishing scheme that employees fell for at U.S. Steel points to a harsh reality – employees may not realize when they’re a pawn in a cyber-espionage attack. Phishing doesn’t come only from emails, but through any seemingly trusted source; like Google Drive, or LinkedIn. Teach your employees how to recognize phishing scams, whether through general meetings or more formal security awareness training. Empower staff members at all levels of your company to protect valuable information.
Turn to the Experts
Because cyber-espionage is so prevalent in the manufacturing industry, and because it’s often executed by very experienced hackers, the best thing you can do is to consult a security expert to help keep your organization protected. From information security audits, to network design and architecture, Sentek Global has a team of professionals equipped with the knowledge, experience, and advanced skill sets necessary to prepare your business against cyber-espionage threats.
A company that specializes in cyber security can identify vulnerabilities in your networks that you didn’t even know to look for; and because experts are always keeping up with the latest trends and advancements in the industry, you can trust that the protections they implement are top-notch. When it comes to cyber-security, it’s important to have reliable allies at your side. Contact us to discuss how we can partner with you to keep your data, communication networks, and business intelligence secure.