Cybersecurity should be top priority for businesses

Attacks against small and mid-size companies are rising

Manufacturers of all sizes are at risk of crippling ransomware attacks, and the consequences can be devastating.

These attacks involve the “virtual” theft of digital files. Hackers then demand a monetary ransom before the files are restored.

Attacks against small and mid-size companies are rising at an alarming rate. Smaller manufacturers have been targeted because they usually haven’t invested much in the way of cybersecurity. Hackers often take advantage of this, seeking $10,000, $20,000 or even more from businesses to have their systems returned before moving on to the next target.

The average cost of a data breach for small companies is $38,000, according to the most recent figures, and it has been estimated that more than half of the companies go out of business within six months of a cyberattack.

In most cases, ransom money paid to hackers must be in the form of cryptocurrency, such as bitcoin.

If manufacturers opt not to pay ransom, they must rebuild their systems and have a cybersecurity expert make sure they’re locked down before restoring them. In the face of this threat, small and mid-size companies need to take steps to keep their information technology systems safe, not only for their own benefit but also for that of their customers.

The Wisconsin Manufacturing Extension Partnership has developed services aimed at addressing cybersecurity issues.

The WMEP meets with businesses and assesses their situation before immediately setting them up with a third-party cybersecurity firm that has been vetted through the National Institute of Standards and Technology’s Manufacturing Extension Partnership network.

In most cases, cybersecurity problems aren’t solely tied to the information technology system a manufacturer is using but are the result of the actions of employees, who open emails that unleash ransomware, or malware, attacks.

Not only do companies need to test the information technology boundaries of their systems, but they must also make sure that their employees understand the threats to those systems.

It’s almost certain that potential customers will begin inquiring about a manufacturer’s cybersecurity system as part of their own risk mitigation or management.

Conducting a cybersecurity assessment also is becoming a top priority for manufacturers that are part of the Department of Defense supply chain.

On December 31, 2017, the Department of Defense, through the National Institute of Standards and Technology (NIST) and the Defense Federal Acquisition Regulation Supplement (DFARS), began requiring that all suppliers in the defense supply chain begin working toward compliance with cybersecurity standards.

Suppliers must perform a self-assessment and create a plan to remediate areas where they fall short of meeting standards. The NIST Manufacturing Extension Partnership has also published a self-assessment document to help companies become compliant.

The Department of Defense is requiring that its contractors abide by these requirements, which will cascade through the supply chain.

If your company does work in the Department of Defense supply chain and you have no plans in place for meeting the standards, you are at risk of losing federal contracts and your information is vulnerable to cyberattacks.

The requirement includes 110 elements with which suppliers need to comply. Suppliers must begin a remediation program to address those areas where they fall short.

The WMEP offers key services to companies seeking assistance in assessing cybersecurity requirements and working to become compliant.

The WMEP does an assessment of the standard and helps manufacturers understand the 110 requirements and where they stand against them. A gap report is produced, showing what requirements need to be addressed.

While the mandate for completing the initial assessment by Dec. 31, 2017, has passed, no time limit has been set for completing the required remediation. Although there are no fines for non-compliance at this point, contracts have been denied to manufacturers that haven’t addressed the requirements.

It’s also highly likely that the Department of Defense won’t be alone in requiring that suppliers meet cybersecurity requirements. The Automotive Industry Action Group (AIAG) has indicated that a cybersecurity mandate will be forthcoming later this year.

All are compelling reasons for companies to immediately begin implementing a cybersecurity program.

For more information on how the Wisconsin Manufacturing Extension Partnership can assist in cybersecurity matters for your company and/or to set up an appointment, call 608-335-3203 or go to www.wmep.org.