Manufacturing Under Cyberattack
WHY THIS MATTERS
Manufacturers and processing plants today work in a world of “symbiosis” where each part of the supply chain relies on all the other parts. If one fails, the rest may fail as well. One phishing email can break the chain.
Investing in high-quality cybersecurity measures should be a vital part of a manufacturer’s risk management strategy.
Executives and decision-makers, from large multinational companies to smaller producers, are left with the same important question: “Is it enough?” The answer is a resounding “No.”
If a business establishes cybersecurity measures, and stops there, that is only half of the equation. The other half of the equation is robust cyber insurance coverage.
Without an intentional, affirmative stand-alone cyber insurance policy, your company remains at risk – vulnerable to residual cyber risk.
Your company’s residual cyber risk includes a very important sector of your business, your employees. Human error happens even with the best intentions by employees. One email with a malicious link or attachment can jeopardize your entire cyber risk management plan.
Manufacturers of all sizes and from all sectors can look back at the 2019 ransomware attack on Norsk Hydro, and learn from it.
Manufacturers Under PHISHING Attacks
Manufacturers are facing an onslaught of cyberattacks. In 2019, one report found that half of the manufacturing companies had experienced a data breach or cyberattack.
A failure to prevent human error from phishing emails may result in a ransomware attack with devastating business interruption and economic loss.
Preventing a significant disruption to your business begins with cyber threat awareness by a company executive team, IT, risk management, and employees.
You have options available to protect your company and employees from fake emails – while they work in the office or during remote work:
- Virtual meetings or conference calls to discuss best practices to prevent a security breach
- Employee training on the latest phishing and social engineering attacks
- Dry runs to test employee’s cyber awareness.
- Do not click hyperlinks in emails from unknown senders
- Since domain and display name spoofing are prevalent, carefully review internal emails and use multi-factor authentication such as follow-up calls if unsure of the authenticity
- Never give personal information or login details in response to an email request to avoid business email compromise (i.e., fraudulent fund transfers)
- Report email attacks to the IT department or security manager
- Backup critical files and systems, minimally your critical data assets
- Develop data access protocols for system administrators and critical employees
- Patch and update software systems to address weak points
- Invest in reliable anti-virus and anti-phishing software
- Create and practice your internal incident response plan, business continuity plan, and disaster recovery plan.
- Create a chain of command to work with your cyber insurance carrier if a cyberattack occurs.
Notably, a phishing email can trigger a ransomware attack that causes a business interruption.
For example, one phishing email to a single employee triggered one of the most notable ransomware attacks of 2019, Norsk Hydro.
Norsk Hydro’s LockerGoga Ransomware Attack
In March 2019, Norsk Hydro, the large multinational Norwegian aluminum manufacturer, suffered a ransomware attack that locked files on thousands of servers and computers, affecting all 35,000 employees at 170 plants across 40 countries.
All that damage had been set in motion three months earlier when one employee unknowingly opened an infected phishing email from a trusted customer. From there, hackers invaded the IT infrastructure and covertly released their malware, forcing Norsk Hydro to shut down the network and servers to avoid any further spreading of the malware.
LockerGoga, a form of ransomware, encrypted the files on desktops, laptops, and servers throughout the company. The hackers posted a note on corrupted computer screens demanding an unspecified ransom payment in bitcoin to decrypt the software -- with the price depending on how fast they contacted the hackers.
As reported, Norsk Hydro executives made three swift decisions: 1) they refused to pay the ransom, 2) they summoned Microsoft’s cybersecurity team to help restore operations, and 3) they were fully transparent about the breach (the latter applauded by global security experts).
Norsk Hydro implemented a high-level incident response plan by setting up a temporary website and informing the press and staff with daily updates. The company carried on with manual (non-IT driven) operations.
LockerGoga Ransomware Attacks on Industrial Firms
As the Norsk Hydro incident response team learned more about LockerGoga, they discovered similar ransomware attacks on Altran Technologies, an engineering consultancy company in France, and two US industrial firms – Hexion, based in Ohio, and Momentive, based in New York.
The concern for industrial firms is that LockerGoga goes a step further than mere encryption of data – it disables the computer’s network adapter to disconnect it from the network, changes the user and administrative passwords on the computer, and then logs the machine off.
The most recent loss estimate is nearly $75 million. Norsk Hydro is reported to have cyber insurance to cover some of those costs.
Recovery With Stand-Alone Cyber Insurance
The prevalence of ransomware attacks against industrial firms is forcing them to review the need for cyber-related business interruption coverage, either in their current or renewal cyber insurance policy.
The Norsk Hydro ransomware attack illustrates the need for incident response planning and robust stand-alone cyber insurance policy that covers ransomware attacks, incident response costs, and cyber-related business interruption.
Your business stands a better chance of recovery with a robust stand-alone cyber insurance policy that provides coverage to protect your business against cyber-related losses.
- Ransom payments – when hackers lock your network or computer system demanding payment of ransom for the key to unlocking your system.
- Business interruption (BI) - loss of business income during the cyber event (after a brief waiting period), including the policyholder’s net profit before taxes, and extra expenses incurred during a shutdown of your computer network.
- Extortion-related expenses – when you incur losses because of the extortion threat, such as making the ransom payment and the cost of hiring a security expert to advise you on how to respond to a threat.
- Repair costs – when you sustain losses due to damage, disruption, theft, or misuse of your data, such as the cost to restore, replace or reconstruct programs, software, or data.
- Incident response team – when you face costs associate with the support of an incident response team accustomed to addressing cyber incidents.
- Employee training tools – to help prevent attacks and protect your network and data.
Your company’s residual cyber risk includes a significant sector of your business, your employees.
Human error happens even with the best intentions of employees. One email with a malicious link or attachment can jeopardize your entire cyber risk management plan.
- Phishing emails succeed due to human error.
- Human error jeopardizes your cyber risk management strategy.
- A valuable solution is employee training with dry runs that test employees’ cyber risk awareness and best practices.
- Manufacturers conduct test runs of new equipment, ingredients, and safety measures. Why not do the same for employees?
- A failure to prevent human error from phishing emails may result in a ransomware attack with devastating business interruption and economic loss.
- Your business stands a better chance of recovery with a robust stand-alone cyber insurance policy.
Reach out to a specialist cyber broker, such as Cyber Armada Insurance, to request robust cyber insurance solutions appropriate for your specific cyber risk transfer needs. We understand the evolving demands and expectations of cyber insurance clients.
Contact Cyber Armada today to examine how your company faces potential financial losses from business interruption caused by a cyberattack. Contact us at 888.727.6232.
Please watch for our article on Point of Sale (POS) Cyber Risk).