2023 Tax Calendar
VIEWpoint Issue 2 | 2022
Inflation Reduction Act: Highlights of Key Changes for You and Yo...
HUD Strengthens the Effects Test
President Biden’s Proposed Budget Includes Notable Tax Provis...
IRS Issues Another Warning Against Employee Retention Credit Scam...
Many manufacturers have a false sense of calm when it comes to cybersecurity. They incorrectly assume their risk of a cyberattack is low because they don’t sell products on the Internet or gather credit card information and other sensitive data from customers. It’s true that most big data breaches that make headlines focus on large retailers or financial institutions. But in recent years, hackers looking for the next big score have found that manufacturers are an attractive target.
To avoid potentially devastating cyberattacks, it’s a good idea to conduct a risk assessment to identify vulnerabilities and take steps to shore up your defenses.
Manufacturing companies are being targeted by cybercriminals because, in many cases, they’re more vulnerable than other types of businesses. For one thing, the manufacturing supply chain is complex, with an intricate network of suppliers, logistics firms, distributors, retailers and others, often interconnected via the Internet. Members may have access to each other’s systems, so a vulnerability in one link of the supply chain can expose the entire chain to cyber risks.
Also, as the digital revolution continues, manufacturers are increasingly relying on Internet-connected devices on the shop floor that can be monitored and operated remotely. At the same time, the manufacturing industry has been slower than other industries to upgrade IT infrastructures and develop robust security practices designed to prevent, detect and mitigate cybercrime.
Manufacturers’ systems generally don’t store customers’ credit card numbers and other sensitive data that criminals can use to perpetrate identity theft and similar crimes. Instead, cyberattacks against manufacturers are designed to disrupt their operations in an effort to extort money.
For example, hackers that gain access to Internet-connected devices could shut down a manufacturer’s operations or cause it to produce defective products. Or they could introduce ransomware into a manufacturer’s systems, blocking access until a ransom is paid.
Another technique is to steal valuable intellectual property stored on a manufacturer’s system and sell it on the black market. Examples include patents, designs, manufacturing processes, R&D documents, customer lists, contracts, bidding information, business plans, marketing plans and proprietary software.
Manufacturers also aren’t immune to ordinary fraud. For example, a cybercriminal may send a phony email from an actual vendor, updating its payment information and asking the manufacturer to send all future payments to a bank account the criminal controls.
To protect your manufacturing company against cyberattacks, start by conducting a risk assessment to take inventory of your hardware, software and data and identify any vulnerabilities. It’s critical to examine all of the ways employees, vendors and other partners are able to gain entry into your network. Then implement policies, procedures and controls designed to prevent unauthorized access.
Equally important is an incident response plan, to mitigate the damages in the event of a breach. Finally, have a solid backup plan that enables you to resume operations in the event a hacker destroys or blocks access to data.
Finally, don’t underestimate the importance of training. Many breaches involve social engineering to crack weak passwords or design phishing emails that trick employees into downloading malware. Be sure your employees know the risk is real, and their actions can affect the cybersecurity of your business.
Doeren Mayhew’s IT and cybersecurity advisors can assist manufacturers by not only helping provide employee training, but also identifying cybersecurity risks lurking near your organization. Contact us today.
This publication is distributed for informational purposes only, with the understanding that Doeren Mayhew is not rendering legal, accounting, or other professional opinions on specific facts for matters, and, accordingly, assumes no liability whatsoever in connection with its use. Should the reader have any questions regarding any of the news articles, it is recommended that a Doeren Mayhew representative be contacted.
A quick registration is required to view our resources.
You will only be asked to do this one time (unless you don't save your browser cookies).