Why are manufacturers so susceptible to cybersecurity attacks?

First, hackers are now out for intellectual property - innovative processes, proprietary plans, confidential formulas, etc. - which can make it incredibly easy (and cheap, due to bypassing R&D) to copy your products and sell them for less. According to a Verizon report, over 30 percent of data breaches at manufacturing companies involved the theft of IP. This accounts for the increase in these cyber attacks.

Have you been getting emails from yourself or questionable emails from business contacts? Receiving a lot of spam emails lately? Is it becoming harder to differentiate between legitimate emails and phishing emails?

You're definitely not alone. Spam, phishing and spoofing are happening more and more these days. According to the FBI, phishing attempts increased 60% in 2018.

Phishing, spear phishing, spoofing, smishing and social engineering... First, let's talk define all these terms:

Why are manufacturers so susceptible to cyber security attacks?

First, hackers are now out for intellectual property - innovative processes, proprietary plans, confidential formulas, etc. - which can make it incredibly easy (and cheap, due to bypassing R&D) to copy your products and sell them for less. According to a Verizon report, over 30 percent of data breaches at manufacturing companies involved the theft of IP. This accounts for the increase in these cyber attacks.

ERP systems make a very appealing target for hackers, as these systems run business-critical processes and contain highly sensitive financial information, manufacturing secrets and even customer information such as credit card numbers.

The Department of Homeland Security Computer Emergency Readiness Team (US-CERT) recently released an alert citing a study that highlights the risks posed to thousands of unpatched ERP systems. This study specifically discussed SAP and Oracle systems, but similar risks can exist for any ERP system which may be incorrectly configured, out-of-date, unpatched, etc. 

If you have contracts with the United States Department of Defense (DOD), NASA or GSA, or are a subcontractor to a prime contractor with those contracts, your organization had until December 31, 2017 to begin your journey towards NIST (National Institute of Standards and Technology) 800-171 compliance. 

What is NIST 800-171?

If you're in need of a nap, you can read the full NIST Document 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations. 

If you need to remain awake, here's the short of it... 

From Infor:

This week, the world became aware of two major vulnerabilities, “Meltdown” and “Spectre,” that impact a large majority of computer processors. The vulnerabilities were discovered in late 2017 by teams of researchers who alerted major processor makers such as Intel, AMD, and ARM. The vulnerabilities that have been identified are fundamental designs within the chip architectures and must be addressed at the OS level on every system.

Peter Bright, Technology Editor at ARS, authors a series of especially informative, albeit technically complicated, explanations of the two vulnerabilities named Meltdown and Spectre.

In this post,  we will include some excerpts as we attempt to simplify the vulnerabilities and key takeaways in the interest of satisfying your curiosity or concern, and saving you from reading the plethora of technical articles that have justifiably been a part of the recent news cycle.

At BizTech, we empower each client to accomplish their mission through technological innovations and operation improvements. This includes anticipation and response to technical issues that might impact user productivity.