Cybersecurity tops list of concerns for IN fabricators

bhernandez@kpcmedia.com

FORT WAYNE — When most people think of cyber threats to businesses, companies like Equifax might come to mind — companies that deal with millions of consumers’ personal information.

However, hackers don’t discriminate, and cyber threats are among the top concerns of Indiana’s largest industry: manufacturing.

In a recent survey of Indiana’s manufacturers by the Indiana Manufacturers Association, 43 percent of manufacturers said that cybersecurity was a problem in their operations, 50 percent said it was not and 7 percent were unsure.

Traditionally, manufacturers’ networks were isolated within their buildings or within their companies, but with the growth of technology such as autonomous cars and refrigerators that can tell you when your milk is about to expire, networks have expanded and become more vulnerable to cyber threats, said Darryl Togashi, department chair for cybersecurity/information assurance, information technology support, network infrastructure and server administration programs at Ivy Tech Community College Northeast’s Fort Wayne campus.

Togashi was recently appointed to Indiana Gov. Eric Holcomb’s Executive Council on Cybersecurity. The council is assigned to form an understanding of the state’s cyber risk and identify protective priorities.

Companies must stay up to date on antivirus and malware protection, but they must also be prepared for other kinds of data breaches. There are some things a company can do proactively to prevent a worst case scenario or address a situation quickly to minimize damage.

Businesses might consider having their systems analyzed by an IT specialists to identify areas that are vulnerable to hacking. IT specialists can also help prioritize systems in the order that they should be restored if a breach were to occur.

Businesses can also prepare for the worst. Just like there are recovery plans for natural disasters, businesses can have plans in place to address cyber threats promptly, Togashi said. This can be as simple as knowing who to call, he said. This might involve enlisting the help of an outside firm to deal with a cyber attack.

Companies should also be aware of local and federal laws that may dictate when a breach needs to be reported. Togashi encouraged businesses to form relationships with local law enforcement officers to find out who they would need to get in touch with if a breach were to occur.

Some companies fear reporting because the companies are worried about image; they don’t want to be seen as insecure, Togashi said. However, he encourages all businesses to come forward (in some cases it’s required by law) because this information allows law enforcement to identify trends if there is a lot of activity among certain kinds of manufacturers or processes.

Another major concern among manufacturers and other businesses are threats that come from working with other legitimate parties. While companies can do things to protect themselves, they can’t always ensure that the partners that they are doing business with are doing the same. In this way, companies can be targeted indirectly through other companies that have access to their systems.

Protecting intellectual property is also a concern among manufacturers, Togashi said. A lot of the hacking that China was doing a few years ago was about accessing intellectual property, not making American systems fail, he said.

“They know that Americans are way ahead of the game in certain fields, and they’re targeting companies that are ahead of the game to steal information to see if they can make some headway without doing the research themselves,” he said.

Five to 10 years ago, companies that dealt with consumer information such as medical records, social security numbers and credit card information were early adopters of cybersecurity insurance, said Nikki Galbraith, a risk management consultant for insurance agency Hylant Group.

However, these days cyber threats are a growing concern for the manufacturing industry. One of the biggest concerns among manufacturers is ransomware, a malicious software that blocks access to systems until a ransom is paid, Galbraith said. In some cases, Indiana manufacturers have had to halt production because of a cyber attack. She described the attack as someone putting “a lock on the door and you can’t get your folks in there for production.”

A cybersecurity insurance policy can provide resources for risk mitigation and connect businesses with experts like a breach attorney and forensic auditor if a cyber attack were to happen. A policy can also help with any revenue loss that a business might incur if there is an interruption to their operations because of a cyber breach.

However, Galbraith said, a policy is just one piece of what businesses can do to protect against cyber threats. Investing in risk mitigation in house and engaging third parties to make sure they have a secure environment can also help thwart cyber threats.

Cyber safety tips

Avoid ransomware: Abstain from clicking on popups that you do not know you can trust and consider disabling popups altogether. Don’t click on links in emails from people you don’t know or that seem out of character from the supposed senders.

Be proactive: Work with IT specialists to analyze your systems for vulnerable areas and form a contingency plan for what to do if a cyber breach were to occur.

Know the law: Become familiar with local and federal law in relation to reporting guidelines for cyber attacks. Reach out to law enforcement to form relationships so that you will know who to call if your business becomes the victim of a cyber attack.

Source: Darryl Togashi, a member of Indiana’s Executive Council on Cyber Security; in.gov/cybersecurity