The interconnectedness of operations, spearheaded by the Industrial Internet of Things (IIoT), has impacted everything from major manufacturers to the smallest machine shops, improving operational efficiency, communications and productivity. However, these great rewards also come with risks in the form of cybersecurity breaches and ransomware attacks.
Malicious actors target small machine shops, hack their systems and wreak havoc on operations. How can decision-makers strengthen cybersecurity and effectively fight the ransomware epidemic?
Sophos’ State of Ransomware in Manufacturing and Production 2024 report found that 65% of manufacturing and production organizations were hit by ransomware last year. This figure marks a 41% increase from 2020. Backing up critical data is the best way to recover it.
However, about 62% of manufacturers paid the ransom to retrieve their data, significantly more than last year’s 35 percent.
This is a costly proposition, as the average payment reached $1.2 million. The vast majority paid less than the original demand. However, the financial hit still may be too much for smaller companies.
Why would a malicious actor want to target a small machine shop? They may feel it’s an easy target compared to a larger company with a dedicated cybersecurity team. Many smaller businesses embrace digitalization and its benefits but may not be aware of the measures they should take to keep vital information safe. Hackers might think they can more easily infiltrate their systems and profit from cybersecurity gaps.
Risks that deserve attention
Small machine shops need to stay on top of cybersecurity if they want to remain competitive as they embrace new technology. In today’s world, conducting in-process testing is vital to ensure quality and performance standards and back-up critical information to the cloud to keep proprietary data safe. Identifying risks that could open the door to a ransomware attack can prevent a company from becoming a statistic.
Email and phishing – Many machine shops make a critical error by sharing passwords. This should be avoided at all costs. All employees —on the floor or in management — should have dedicated usernames and passwords to prevent the possibility of a breach. In addition, they should ensure that passwords are not predictable. The best thing to do is generate one with a random string of mixed-case letters, numbers and symbols. This makes it nearly impossible to crack and strengthens manufacturing cybersecurity.
Workers should also be well-versed in the dangers of phishing and be able to identify red flags because 91% of cyberattacks originate this way. Employees should report messages with an urgent or threatening subject line, misspellings or odd symbols, or demands for an urgent response to management. This is one of the best ways to prevent a potential attack and fight the ransomware epidemic.
CNC safety – Managers must map a machine shop’s network and computer infrastructure to assess potential risks and implement security measures. A business that loses track of what information is being used where and when is at greater risk of infiltration.
CNC machines can be targeted by malware, with potentially disastrous consequences. Faulty programming could create defective or even dangerous parts, which opens the door to lawsuits and reputational damage. Hackers may also be able to steal proprietary information this way.
The best way for small machine shops to combat this is through firewalls, which serve as barriers between a company’s computer network and the internet. They monitor all incoming and outgoing traffic, serving as a guard to keep the digital system safe from potential intruders. In addition, it’s vital to update all operating systems and software with any new patches for security flaws to address gaps.
Make it harder
Small machine shops can make it harder for cybercriminals to infiltrate their systems by segmenting their networks. This prevents the entire operation from grinding to a halt if it is accessed by an outside source, minimizing damage and containing threats. This quarantines a breach from the rest of the system, curbing a ransomware attack.
Although network segmentation is an effective strategy, it is not a one-and-done solution. After implementing access and data flow controls, conducting regular segment testing, and validating that the system works effectively is vital. Continuous monitoring, regular audits and timely updates are essential to protect a machine shop’s critical operations.
Small machine shops do their part in keeping the economy humming by producing necessary products. However, a ransomware attack can hamper their operations and grind production to a halt, leading to staggering financial losses. Strong manufacturing cybersecurity policies can help prevent infiltration and let operations keep their hard-earned income where it belongs and out of the hands of extortioners.
