Manufacturers' Bring Your Own Device (BYOD) Cyber Risks

WHY THIS MATTERS
Manufacturers, and their suppliers, which provide necessary goods and services to consumers, must maintain operational resilience, even after a cyberattack.
For nearly a decade, businesses have addressed the option of Bring Your Own Device (aka BYOD) at their company locations.
Now, during the COVID-19 Pandemic, organizations are exploring BYOD from a new perspective – remote work environments.
Initial ad hoc solutions for the surge in the number of remote workers may need to be updated to ensure a holistic cyber risk management strategy.
Most importantly, these essential businesses must be prepared for a cyber incident response if one of the BYOD personal devices becomes a gateway into their network.
The BYOD Security Challenge
For nearly a decade, businesses have faced the BYOD security challenge.
Manufacturers are asking how to allow the ease of use and increased productivity of BYOD while avoiding the financial loss from a BYOD policy that fails to prevent a huge, or even catastrophic, cyber or privacy event.
As reported, cybercriminals are targeting BYOD devices with phishing attacks. Notably, emails appear differently in Microsoft Outlook on a desktop than on a smartphone. Hackers can exploit this difference when using spoofed emails containing malicious code in links or attachments, making the device the gateway into your network.
Companies with a BYOD security policy rely on their IT team to ensure that employees who go the personal device route follow all security protocols.
Balancing the ease of use and productivity from BYOD with the cyber threats is an ongoing dilemma.
The Shadow IT Security-Gap Dilemma
Shadow IT refers to technologies that have not been vetted or configured by IT personnel, falling outside of the company’s control, and presenting a risk. Personal mobile devices which are not authorized or controlled by organizations are classified as unapproved IT devices, apps, programs, and services – Shadow IT.
Gaps in threat surface and endpoint security are what hackers, organized crime, and state-sponsored cybercrime organizations thrive on.
A recent Forbes article referred to Shadow IT as the cyber threat that keeps on giving, based on a report that indicates how hackers, organized crime and state-sponsored crime organizations rely on social engineering, phishing, and malware injections to gain access to networks and steal data. Four popular areas used by employees on Shadow IT personal devices include social media (39%), followed by downloading apps (24%), games (13%), and films (7%).
BYOD Cybersecurity
Cyber loss history reveals that cybersecurity measures alone may not protect a business from suffering a devastating financial loss.
Bad actors can manipulate your employees via spoofed emails containing malicious links or attachments, which give them access to your network and the ability to conduct cybercrime such as a ransomware attack, data breach, or business email compromise.
Fraudsters can send emails from an imposter posing as a supervisor that appear to be authentic and valid, tricking employees into sending funds to a fraudulent bank account.
Cybercriminals can send an email warning that you need to provide personally identifiable information (PII) by clicking on a box or link to update your account, say from your bank or health insurance provider, or for further information on COVID-19.
Cyber thieves can island hop from your third-party vendors or suppliers to your network to steal your data.
Programmable Logic Controller (PLC) Cyberattacks
In 2010, the Stuxnet computer worm generated a flurry of media attention because it was the first known virus capable of crippling hardware (and it appeared to have been created by the US National Intelligence Agency and Israeli intelligence).
The original Stuxnet malware attack targeted the programmable logic controllers (PLCs) used to automate machine processes at Iran’s nuclear facilities.
Stuxnet was a multi-part worm that traveled on USB sticks and spread through Microsoft Windows computers. Since then, Stuxnet malware has mutated and spread to other industrial and energy-producing facilities.
Today, to protect PLCs and other connected devices in factories and plants, manufacturers should rely on firewalls and anti-virus software and create closed networks, limiting personal-device access when possible. If a manufacturer falls behind in security updates, hackers may find a path to inject malware into computer systems or PLCs.
Enterprise Mobility Management Systems (EMMS)
A lost or stolen device can be a major security problem.
Your company must take proactive steps to disseminate the lost or stolen device reporting policy to ensure a rapid response.
If you use an Enterprise Mobility Management System (EMMS), it often provides remote device locking and wiping features so your company can remove sensitive or critical data from those devices.
Small and medium-sized businesses (SMBs) use mobile technology at just about the same rate as larger enterprises. According to IDC’s 2019 Enterprise and SMB Mobility survey, 62 percent of employees at SMBs use smartphones for work purposes, just slightly behind enterprises at 64 percent.
That means that SMBs need the same mobile device capabilities and cybersecurity management as larger enterprises, especially given the remote worker enablement challenges during COVID-19.
Stand-Alone Cyber Insurance
In addition to a BYOD security policy, you need robust cyber insurance provided in a Stand-Alone Cyber Insurance policy with broad language that covers BYOD.
Some specialist cyber insurance companies offer comprehensive Stand-Alone Cyber Insurance, providing important coverage, including, for example:
- Business Interruption and Extra Expenses in which the insurer will pay or reimburse the insured for loss of business income and extra expenses incurred (after a waiting period and during a restoration period) resulting from a network security breach directly causing a complete or partial interruption of the insured’s business operations.
- Data recovery in which the insurer will pay or reimburse the insured for data recovery expenses incurred as a direct result of a network security breach.
- Data breach response and crisis management coverage will pay or reimburse the insured for data breach response and crisis management costs resulting from a data breach or network security breach.
- Resilience planning to assist the insured with an incident response plan, business continuity plan, and disaster recovery plan after a cyber incident.
INCIDENT RESPONSE PLAN (IRP)
What if your organization is hacked despite your BYOD security policy? If you can afford to pay for the myriad costs for the cyber incident response, then you may not be overly concerned. Unless, of course, your Board of Directors is asking about cyber insurance as part of your resiliency planning.
Your business should not underestimate the value of cyber incident response planning. According to the Ponemon 2020 report, the highest cost saver for businesses was Incident Response (IR) preparedness. The average total cost of a data breach for companies with an IR Team that also tested the IRP (using tabletop exercises or simulations) was $3.29 million, compared to $5.29 million for companies that did neither – meaning no IRP and no IR team. This $2 million cost difference is an increase from the $1.23 million cost difference in the 2019 study.
During the Pandemic, a vital part of your business resiliency planning must include a personal device security breach scenario.
In addition to your IRP, a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) will help you restore operations in the timeliest and most cost-effective manner.
BUSINESS CONTINUITY PLAN (BCP)
Like disruptions caused by weather events or property damage, cyberattacks can halt your business.
You anticipate and make plans for weather events and property damage. Then, you buy insurance coverage for any residual risk as a part of that plan.
The same holds true for cyber risk. You need a business continuity plan and cyber insurance for any residual cyber risk.
Your plan will include documented steps that outline how business operations will be maintained along with regular testing exercises to validate the plan’s effectiveness.
A business continuity plan helps you mitigate the impact of unplanned business disruptions caused by cyberattacks.
DISASTER RECOVERY PLAN (DRP)
Significant disruptions to your business operations call for a disaster recovery plan.
Like disruptions caused by hurricanes, large fires, or extensive flooding, cyber events can be massive.
Disasters require a multi-faceted approach, implementing human, physical, and technical resources to recover from the disruption of business operations.
From an IT perspective, this means restoring critical, secondary, and tertiary data from backups, the cloud or separate networks, computer systems, software and anti-virus software, cybersecurity tools, and any other Internet of Things (IoT)-connected equipment required for your business to operate.
A Stand-Alone Cyber Insurance policy provides you with valuable services and coverages that you may not have in your standard commercial insurance policies.
TAKEAWAYS
- Regardless of the industry, allowing BYOD is a gateway into your network when cybersecurity measures are not implemented or fail to prevent a cyberattack.
- Manufacturing in the distributed workforce environment requires an increase in cyber risk management and cyber risk awareness training to fill gaps in your cybersecurity measures that fail to prevent a cyberattack.
- Hackers find ways to manipulate your team – in remote locations and on-site facilities – such as:
  - When employees click on a link or attachment in an email that appears to be authentic and valid on their personal mobile device
  - When employees are tricked into wiring funds to a fraudulent bank account based on email instructions from a supervisor that appear to be authentic and valid
  - When employees share login credentials with a criminal email sender in an email that appears to be authentic and valid on their personal mobile device, granting them access to your critical, confidential data, client lists, and employee personally identifiable information (PII).
- Your Board of Directors may not be happy about funding out-of-pocket cyber incident expenditures without any cyber insurance to provide some of the incident response support and cover some of the financial loss.
- Preferably, manufacturers and processing facilities should rely on Stand-Alone Cyber Insurance to ensure support in their cyber incident response, and coverage for business interruption, damages paid to a third party, or fines paid to a regulator.
Reach out to Cyber Armada Insurance, a specialist cyber broker, for Stand-Alone Cyber Insurance solutions appropriate for your cyber risk tolerance – to help you prepare for and recover from a cyberattack or privacy breach.
Contact Cyber Armada today to examine how your company faces potential financial losses from ransomware attacks, data breaches, denial of service attacks, or business email compromise. Contact us at 888.727.6232.