Manufacturing Fear: Ransomware and M&D

November 19, 2020

Ransomware is one of the most sinister types of attacks that cybercriminals have in their ever-expanding arsenal. Ransomware is often delivered by a spear phishing attack and, once initiated, spreads like wildfire throughout a victim’s environment, encrypting everything in its path and rendering anything it touches inoperative. With virtually no chance of unlocking the advanced encryption used in these attacks, businesses are forced to pay a sizable ransom or hope that their backups can be used to restore operations.

In October 2020, the world’s largest manufacturer of office furniture suffered a devastating ransomware attack, paralyzing its operations for several days. The multi-billion dollar business reported that it “detected a cyberattack on its information technology systems” and “promptly implemented a series of containment measures to address this situation including temporarily shutting down the affected systems and related operations.” These are chilling words for any manufacturer, as time is money, especially in light of the economic challenges caused by an unyielding pandemic. Manufacturing downtime, distribution delays, and technology recovery costs can equate to a significant impact on revenue.

The onslaught against manufacturing and distribution companies is unlikely to stop anytime soon, as this industry segment tends to attract cybercriminals looking to cash in on their attacks. Recent security reporting shows that manufacturing is the industry most targeted by phishing attempts and browser exploits, where cybercriminals attempt to leverage operating system vulnerabilities to surreptitiously change system settings. A possible explanation for the prevalence of these attacks is the lack of a cohesive cybersecurity approach across the organization that addresses the traditional information technology environment as well as the Internet of Things (IoT) equipment.

Maintaining strong cybersecurity defenses may seem overwhelming during COVID as some businesses do not possess the resources needed to identify and combat these threats. Citrin Cooperman offers a wide array of cybersecurity services to help keep a business safe and secure, including:

  • Cybersecurity Assessments: Citrin Cooperman provides an array of cybersecurity assessments to help a business understand the impact of a breach, identify the most critical systems and data, understand how to protect those key systems and data, recognize and prioritize gaps, and build a roadmap to a safer and more secure environment.

  • Security Awareness Training and Spear Phishing Simulations: Since the genesis of over 90% of data breaches is a spear phishing attack, it is imperative to train employees to identify and avoid this threat. Citrin Cooperman can provide your business with the training and simulations needed to avoid the scourge of spear phishing.

  • Compliance: Whether a company stores driver’s license numbers, credit card data, social security numbers, or other sensitive personal information, Citrin Cooperman can help identify what regulations apply and how to efficiently and cost-effectively meet the necessary requirements.

  • Penetration Testing: All it takes is one unpatched or misconfigured server to allow cybercriminals into your business. Citrin Cooperman’s vulnerability management team can act as a “simulated bad guy” by conducting internal and external penetration testing to identify any vulnerabilities. A prioritized strategic plan to address any findings will be provided to help your business fortify its defenses against an actual attack.

With the ever-evolving surge of cybersecurity threats, Citrin Cooperman can help your business stay safe from cyberattacks and avoid becoming that next data breach headline.

For more information, please contact Kevin Ricci.

Kevin Ricci, MCSE, CISA, CISM, CRISC, QSA
Principal
kricci@citrincooperman.com