Manage episode 296473964 series 1107025
We've got a new study out, and its showing that one in five manufacturing companies are not only targeted by cyber attacks, but are getting nailed and getting nailed badly.
[00:00:19]This is a bigger problem, than I think most of us realize, and I have a few manufacturing clients who have been nailed badly by cyber attacks. Very badly. There is a new study out that looked at this it's called the manufacturing cybersecurity. Index. And this is a report that has the results of surveys of 567 manufacturing employees.
[00:00:50] Now that is quite a few and most of these people were in fact, in the it side of things, some of them were specifically in the cyber securities. That one was most interesting about this. Isn't the fact that just that one out of five manufacturing companies is targeted by cyber attacks, but what the response, what the thoughts of these people that run the companies are.
[00:01:18] And I say that because I am just constantly amazed at how businesses just are not paying attention to this, and this is proof again, and here's what it is. Information stealing malware makes up about a third of attacks, but companies are worried about what ransomware, the worried about ransomware shutting down production.
[00:01:46] That is a very big deal because of course it does, but what is going to hurt you more? And that's what you got to figure out. That's what companies have to really look. These numbers that we're looking at are according to this article I'm reading at a dark reading, which is a great site. If you haven't been there before, and you'd like to follow some of these things in the cybersecurity world, definitely check it out.
[00:02:15] Dark reading, very easy to very easy to look at lots of good stuff. But Robert limos is a contributing writer over there. And he's the guy that wrote that. And so he is saying that more than one third of all manufacturing firms are attacked every month. That's absolutely amazing. Now, of course not all manufacturing employees really know when a company is being attacked, but ransomware attacks that they know, because usually that means much of the company is shut down when it happens.
[00:02:54]Because ransomware attacks have this major impact on the business and the other types of attacks. information most of the time companies never find out unless it's too late again, it's usually ransom or extortion. They're two sides of the same coin. So an extortion attack might be where they get onto a network.
[00:03:19] Exfiltrate data. And then they say, Hey, listen, we've got all of this data. Do you want us to post your bank, account numbers, customer information, your intellectual property, your plans, whatever it is, you want us to post them online? Huh? And if not pay out. Okay. So this is, I think a very big problem.
[00:03:39] There are major blocks between it information technology and security teams. And I also have to point out that most it decisions nowadays most what would normally be an information technology decision is actually being handled by a line of business matters. Who chose the software you're using to track your customers?
[00:04:06] It was probably the sales guy, right? There's the, it's not, the CEO is not the it director. It's the director of sales or marketing or the accounting people who decided to use QuickBooks online as opposed to using something else. All of these types of decisions are out of the hands of it and are way out of the hands of the cybersecurity.
[00:04:34] That's because of this massive changing landscape out there. It's absolutely huge. Now there's a survey also of 250 information technology workers, and they found that 61% of the companies experienced a cybersecurity incident affecting their factories. 61%. Of manufacturers had a cybersecurity incident that affected the factories and three quarters of those incidences took production offline.
[00:05:07] That's according to another report that came out in March, just mindblowing. Isn't it. So ransomware accounts for only 13% of these attempted attacks on devices. But the information thieves account for 31% of the attacks and file us attacks account for 28%. So here's a quote from morphous sec. These are the guys that produced the first report.
[00:05:37] I mentioned, although these sobering threats are certainly not limited to the manufacturing industry, cyber attackers are acutely aware of the data manufacturing facilities have on hand, right? Think about all of that data, think about all of the intellectual property. So it goes on. In fact, some cyber crime groups have even been using ransomware as a smoke screen for cyber attacks, designed to steal intellectual property, increasing the damage they can inflict in the long run as they bully victims.
[00:06:12] By threatening to leak data if they don't pay. Now, I've warned about that before. If you've got something that looks like a ransomware attack happening, pops up on your screen, it's got that classic red screen ransomware page. That may just be a smoke screen. You may not have ransomware.
[00:06:31] Your files may not be encrypted because what most of these guys nowadays are doing is making additional money offers, stealing your files solid. It depends on the group and this isn't what dark side does, but some other groups do and they can really socket. Ever since the authorities disrupted the emo tech network in January, we've seen attacks split into and smaller groups are increasingly working together in new ways.
[00:07:00] And these highly targeted groups are very dangerous because they can execute multi-faceted attacks, giving the collective expertise. Again, it's just like business. If you're trying to sell something, you need to narrow down and you need to get as narrow as possible. And that means the cyber groups are specializing in a specific industry and they're specializing in a specific way.
[00:07:29] To attack. This is really fascinating. And there's a few reports that come out every year. Verizon has a very good one on cyber attacks. Statistics. IBM has one gardener of course always does their little thing on the side. Those tend to be, and more narrowly focused, but this is the first time we've seen this report.
[00:07:51] So we don't have any sort of comparative data from prior years. But what the, what these guys are saying is that in that the pandemic has shifted attack trends and ransomware has grown from single digit percentages to 13%. As I mentioned already, almost two thirds of surveyed employees believe that the chance of a breach increased because of remote work.
[00:08:19] And we know that's true. BI has been warning about that. We've seen it again and again. So be very careful. Okay. Most of these manufacturing companies have had people working from home during the lockdown, nearly two thirds said that it has increased the risk of a breach. And let me tell you, it really has.
[00:08:40] And so keep all of that in mind, if you are in manufacturing or if you're concerned about our manufacturing base here in the us man, is there something to be worried about? And that's a shame. How do we conduct business? How do we keep our economy going? If our manufacturers are getting knocked down or getting knocked out of the game, Hey, visit me online.
[00:09:04] CraigPeterson.com. You'll find all of this all on my podcast and much more.