On March 8, 2020, when the U.S. reported 550 cases of COVID-19, Nidhi Turakhia learned her company suffered a disastrous infection—but it wasn’t the novel coronavirus. The vice president of Allied Alloys was told “threat actors” had penetrated the company’s management system provider’s (MSP) data center network, and gathered sensitive data on all of the MSP’s clients.
The attackers removed antivirus software and began encrypting the MSP’s backup system. They deployed ransomware to encrypt the data center and locally at client sites via existing virtual private networks, affecting users’ workstations. “We lost six months’ worth of data, and [the attackers] asked our IT company to cough up 800 grand to get all that data back,” Turakhia, who holds ISRI leadership positions including co-chair of the Council of Chapter Presidents, remembers.
Allied moved IT management services to another MSP. Allied’s former MSP hired a third-party digital forensics company to collect, process, preserve, and analyze computer-related evidence. The FBI opened an investigation. But there still is no definitive answer to how the attackers gained access to the entire MSP system. Turakhia says most likely a domain admin-level account was compromised, either by a malicious email link or tech application vulnerabilities.
Through its membership in the National Association of Manufacturers, ISRI is offering members a way to get the cyber target off their backs: NAM Cyber Cover. It brings a leading cyber insurance provider, Coalition, together with a nationally recognized broker, AHT Insurance, to identify, protect, and manage the unique exposures facing the industrial and manufacturing industries.
On June 29, ISRI sponsored a webinar, Protecting Your Business from Its Biggest Threat: Cyberattack. Moderated by Commodor Hall, ISRI’s senior director of safety, speakers included Turakhia; George Forrester III, partner at AHT; Richard Gatz, claims counsel at Coalition; Megan Griffanti, account manager at AHT; Edward Kangeter IV, CEO of CASS Inc.; and Mylon Staton, founder and CEO of DataLink Interactive.
Vulnerabilities to Attack
According to IBM’s 2021 cyber threat intelligence report, manufacturing was the second-most-attacked industry in 2020, behind financial services. Ransomware attacks made up 23% of disruptions, followed by data theft and server-access attacks. Sodinokibi aka REvil ransomware alone made hackers at least $123 million in profits in 2020 and let them steal around 21.6 terabytes of data.
Ransomware, funds-transfer fraud, and email hacking comprise 87% of claims reported to Coalition, Gatz says. Of those, 54% start through email. Remote access, like a remote desktop protocol, is the second-largest attack vector at 29%. Social engineering, manipulating people to reveal personal information, is the third-largest claim at 6%. “To be clear, 60% [of attack causes are] human error. This includes using stale passwords, phishing, and social engineering,” Gatz states. “And 40% can be seen as weak security. Arguably, both are preventable.”
Forrester says operational technology on a facility floor can also be vulnerable to digital intrusion. “You can have workers getting injured or machines getting damaged, or other property loss,” he says. The average claim size for Coalition’s small- and mid-sized businesses industrial policyholders is $130,000.
On average, there’s a cyberattack every 39 seconds in the U.S., and this should be a top concern for all organizations, Griffanti says. “The White House recently warned American businesses to take proper security measures to protect themselves, since hackers have shifted their tactics from stealing data, to now really disrupting infrastructure,” she states. Griffanti cites the May 7-12 shutdown of the Colonial Pipeline oil network on the East Coast, and the release of employee details from the Washington, D.C., Metropolitan Police Department’s network in April and May—two high-profile recent examples of ransomware assaults.
“Typically you may not know that [hackers] launched an infection for six months. It’s because they know, over time, the chances of your backups being good are going to be worse,” Staton says. Beyond antivirus and malware programs, cyber protection should include active monitoring and “a system that will recognize operating system changes as they happen, and when they do happen [the monitor will] notify your network engineer or a network operations center of that change, so you can take effective action at that point in time,” he advises.
Turakhia suggests ways to make businesses more secure from digital intrusion:
- Get the right insurance coverage;
- Train employees about digital threats and appropriate response;
- Add email warning notifications;
- Include web filtering;
- Schedule routine antivirus scans;
- Move to cloud-based servers or hosts, and;
- Add multifactor authentication, where a combination of password, smart token, code, or biometric information like a fingerprint is needed to log into an account.
CASS, whose network was compromised by Emotet malware delivered in email, recommends similar steps, including:
- Hire a professional, third-party to audit your existing cybersecurity system.
- Have your backup data separate from your network, with a minimum one months’ worth of data stored offsite.
“In retrospect, we thought we had a good program and we, by most people’s standards at that time, did have a respectable program,” Kangeter says. “But it was not as sophisticated as the threat, and the threat is constantly evolving.”
NAM Cyber Cover
After a recent audit found weaknesses in ISRI’s network, the association moved to a standalone cyber insurance policy. “I think what is different about cyber insurance that we learned is that we did need a good partner,” ISRI President Robin Wiener says. “We needed someone who would be the backup for us and help us if there were a problem, but also make sure to help us with prevention.”
ISRI became a member of NAM Cyber Cover in March. When ISRI members join, the association receives a portion of their signup fee. ISRI members also get a program discount. The program includes:
- A free cyber risk assessment that identifies weaknesses in your company’s IT network;
- A patch manager that scans your systems 24/7 for out-of-date software and weaknesses. You receive immediate alerts when something unusual is found, and;
- A threat monitor checking for new outside risks that notifies you before damage can be done.
ISRI members receive broadened coverage and limits; a threat-response team on standby to investigate and mitigate incidents; ransomware negotiation and recovery of lost or maliciously encrypted data; and educational tools for employees.
Image courtesy of BrownMantis on Pixabay.