Why Cybercrime is a Legitimate Threat to Job Shops

Big data, robotics, and the Industrial Internet of Things (IIoT) have fully entered the manufacturing space, and connected devices such as computers, printers, equipment, and various networks play a major role in streamlining operations and creating efficiencies.

Sensor data and other information can be displayed on monitors, dashboards, and mobile devices, giving real-time access to individuals across the job shop floor or across the country. This type of “smart” manufacturing creates greater visibility across departments so that owners, operators, schedulers, and the front office can make better, more informed decisions.

But is all that valuable data also visible and accessible to cyber criminals? Increasingly, manufacturers must be vigilant in protecting their systems from the threat of hackers. These criminals seek not only to steal data, but may also install ransomware and interrupt production, potentially suspending operations until their demands for payment are met.

How Real is the Threat?

With a growing list of major cyber attacks making national headlines, some manufacturers consider themselves less desirable to cybercriminals. However, manufacturers ranked #2 among most cyber-attacked industries in 2016, only being beat out by the healthcare industry. That number will only get larger as more organizations adopt more robust technology and hackers become more insidious.

Many manufacturing systems were designed to increase efficiencies and not necessarily made to be secure, and small and medium-size businesses (SMBs) are especially at risk. Hackers know most SMBs are inadequately equipped to implement data security measures due to limited resources and knowledgeable IT personnel, making them prime targets. And the numbers back it up; according to the 2016 State of SMB Cybersecurity Report, half of all small businesses in the United States have been breached.

What’s at Risk?

Hackers know that the key to any job shop’s success is its production schedule, so installing ransomware to impede a company’s ability to meet deadlines and deliver products in a timely manner can leave a business owner desperate to give into the criminal’s demands.

Any system that is connected to online networks is susceptible. Once a hacker gains access, the types of data contained therein are free for the taking, including employee and customer records, account numbers, personal identifying information, pricing, and even proprietary information that could improve a competitor’s market position. Securing the following systems is imperative:

• Websites. Both publically available information and password-protected employee or customer portals are at risk.
• Email. This is one of the most easily accessible entry points for cyber criminals. Unsuspecting employees who mistakenly click on a suspicious link or succumb to phishing scams continues to be the number one way hackers access systems.
• Mobile Devices. A lost laptop or smartphone can give easy access to any of the data, applications, or networks it contains.
• Wifi. Using a wireless internet connection—especially unsecure public Wifi—or those with poor passwords, presents opportunities for potential data breaches.
• Printers. Increasingly, all-in-one multifunction printers that scan, email, fax and more are targets for hackers because many businesses fail to engage proper security measures.
• Servers and Networks. Computers and systems, including accounting software, CRMs, ERPs and a host of other networks are targets.
• Third-Party Vendors. Many vendors are entrusted with sensitive data, so ensuring they comply with proper security protocols is critical.

What Can Job Shops Do to Prevent Cyber Attacks?

A March 2017 survey published by Manta revealed that one in three small businesses don’t have tools in place to prevent a data breach. Enlisting the help of IT professionals—whether in-house or in a consultative role—will help to mitigate the risks. They can ensure that proper tools are in place, including firewalls, upgrades, anti-virus software, spam filters, data encryption tools, swipe to scan technology, password-protection, and more.

Additional measures include:

• Vetting vendors. Develop trusting relationships and ensure vendors—especially those implementing your ERP, CRM, MES, accounting, and other connected systems—have adequate protection.
• Testing. Work with an experienced consultant to help expose any vulnerabilities.
• Planning. Proactively work with a consultant to determine a response plan should a breach occur, as well as a disaster recovery program.
• Training. Insist that each employee undergo training to detect phishing scams, improve password security, and help prevent potentially devastating data losses or viruses.

Cybercrime is on the rise, and no small business is immune from the risks, especially those that adopt data-driven manufacturing practices. Wipfli can help your job shop with the transition to big data, and is fully engaged in the battle to defend its systems and your organization from cyber attacks. Reach out to a Wipfli expert today to learn more.