How Industrial Control Systems Make Businesses Cyber Exposed
WHY THIS MATTERS
Phishing and spear-phishing emails that trick or manipulate people to take action can override investments in cybersecurity and safeguards. This creates residual cyber risk that is not detected or prevented.
To remain on surer footing, reach out to a specialized cyber insurance broker and cyber insurance carrier to ensure that you transfer your residual cyber risk.
If your company does not transfer some of cyber risk, then you could face devastating financial losses after a cyberattack.
Industrial Control Systems are part of the rapidly-increasing class of the Internet of Things (IoT) devices.
Since the COVID-19 Pandemic began, hackers, fraudsters, and scammers have focused extraordinary attention on potential cyber vulnerabilities -- whether for espionage or grift.
Among other industries, cybercriminals are focused on manufacturing, transportation (shipping, air freight, truck fleets), and logistics.
A recent report by the Insurance Journal considers four key industries dependent upon industrial control systems (ICS): manufacturing, shipping, energy, and transportation. It assesses precedent for cyber attacks and the potential impact on each.
Cyber Risk to the COVID-19 Vaccine Cold-Chain
As reported by Wired, a sophisticated global phishing campaign seeks to harvest credentials from companies involved in their COVID-19 vaccine cold-chain distribution.
According to a report from IBM X-Force, their threat intelligence task force uncovered the calculated operation which started in September 2020, spanned across six countries, and targeted organizations likely associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program (with the potential hallmarks of nation-state tradecraft).
Supply-Chain Cyber Risk in Third-Party Logistics (3PL)
As discussed in our previous article, bad actors are attracted to the 3PL sector because it handles large amounts of cash, credit, and financial transfers. If the hackers can access your systems via your supply chain, they will not miss the opportunity.
3PL companies cannot afford to lose time, money, data, or brand value because of a cyberattack.
Our recent article on Third-Party Risk discussed how your business needs to ensure that third parties, such as business partners, suppliers, and vendors, are maintaining adequate cybersecurity levels.
Logistics companies need to conduct vendor risk management assessments to confirm the cyber hygiene of vendors and suppliers.
Even with cybersecurity in place, hackers may gain access to your computer systems and networks by tricking or manipulating your people via social engineering.
Fraudsters know how to manipulate our sense of trust when they produce these scams. People inside the company give bad actors access by providing login credentials based on fake phishing or spear-phishing emails, text messages, or phone calls. Finance teams transfer money to fake bank accounts based on instructions in emails sent by imposters. Staff clicks on malicious links releasing malware into your network.
Loss Prevention Action Steps
- Train staff regularly on spotting potential threats and malicious emails. The vast majority of data breaches and ransomware attacks are caused by human error in fraudulent, spoof, or phishing emails. Identifying threat actors is key to breach prevention.
- Regularly backup sensitive and critical data and utilize unique password protection for granting authorized access to data and systems. In many ransomware events, computer systems can be wiped and restored with no ransom paid and minimal impact to operations.
- Enable remote system wiping on mobile devices and computers for when items are lost or stolen.
- Enforce secure, unique passwords and regular changes, including on firewalls and routers. Do not allow the use of default passwords on IoT devices.
- Implement network-level security to authenticate individual IoT devices.
- Use multi-factor authentication (MFA) for remote access to Microsoft365 products. Fraudulent emails often trick employees into entering their login credentials. Using MFA can prevent outside threat actors from obtaining this data, even if they have your password.
- Use 2-factor authentication (2FA) for wire transfers over a certain monetary threshold and international funds transfers (whether you conduct offshore trade). Threat actors often exploit when key personnel is out of the office (e.g., on a long holiday weekend), making it more difficult to authenticate. Setting up clear authentication protocols for large or foreign transfers with your bank can help prevent or recover fraudulent wire transfers.
- Third-party vendor risk assessments will help you ensure their cyber hygiene to prevent them from inadvertently allowing access to your systems.
- Regular cybersecurity updates on all IoT devices should be part of your cyber due diligence.
- Establish an Incident Response Plan (IRP) that includes Business Continuity and Disaster Recovery in the event of a breach. Your cyber insurance support network will help you with your IRP, with the goal being a prompt restoration of your business operations and systems with less financial impact.
Even if your business is cyber vigilant, one truck or one IoT device may be a gateway into your network.
That is when you need the support network provided by a robust Stand-Alone Cyber Insurance policy. An Incident Response Team, and highly-qualified cyber claims professionals, will be laser-focused on stopping a cyber invasion, preventing further loss, detecting the root cause of the cyberattack, and then mitigating the loss to reduce its financial impact on your bottom line.
- Cybersecurity measures are an essential part of your cyber risk management, but they are only as effective as the weakest link in your supply chain.
- Prevention, detection, and mitigation require due diligence in planning and preparing for a cyber incident involving a data breach, ransomware attack, denial of service attack, fraudulent wire transfer, or fraudulent invoice manipulation.
- If your cybersecurity measures fail to prevent a cyber incident, you will benefit from having transferred any residual cyber risk to a Stand-Alone Cyber Insurance Policy, most notably:
- An Incident Response Plan (developed in collaboration with your cyber insurance carrier) will provide you with a team of specialists to guide you through a cyberattack response.
- An Incident Response Team, and highly-qualified cyber claims professionals, will be laser-focused on stopping a cyber invasion, preventing further loss, detecting the root cause of the cyberattack, and then mitigating the loss to reduce its impact.
- Protect your financial viability and bottom line after a cyber loss.
Reach out to a specialist cyber broker, such as Cyber Armada Insurance, to request innovative and robust cyber solutions appropriate for your needs and cyber risk tolerance. We understand the evolving demands and expectations of cyber insurance clients.
Today, contact Cyber Armada to examine how your company faces potential financial losses from business interruption caused by a ransomware attack. Contact us at 888.727.6232.