Blog

Are you doing enough to protect your manufacturing business from a cyber-attack? As more and more manufacturers deal with cyber incidents, including ransomware, it’s clear the cyber threat is now a top concern for the industry. In this article you’ll hear from some cyber experts brought together for a recent GJM Manufacturing Financial Executive Roundtable event. GJM manufacturing team lead Wes Beham hosted the gathering, while GJM’s Reid Mankowski moderated the panel discussion: “The Cyber Threat: Protecting Your Business.”  Read on to learn what our expert panelists say you should be doing to protect your business, as well as some areas of risk you may not have considered.

Threats

Dr. Loren Wagner is Director of Risk & Technical Services at CentraComm, a company that helps businesses determine their risk of a cyber-attack. Wagner says the cyber threats out there remain ominous. He cites the SolarWinds hack in early 2020 as an example of the damage a “supply chain”-related hack can do. SolarWinds is a software company that provides IT management and monitoring services. The hackers in the SolarWinds incident added harmful code to the SolarWinds software system. When SolarWinds then sent out software updates to its customers, that hacked code was included, giving the cyber criminals access to IT infrastructure at those companies. The hacks went undetected for months. Some top US officials believe the hackers were Russian.

But Wagner says threats don’t always come from afar. They can originate much closer to home and he says you can’t rule out an internal hack, perhaps from a disgruntled employee. Nation-state hackers and organized crime can be responsible as well. He says they’re very good at what they do, and these types of threats are increasingly common.

A Changing Landscape

Wagner was joined on the GJM roundtable panel by Alex Clark, VP and Cyber Risk Leader for Hylant. Clark says it’s incredible when you consider how the cyber landscape has changed. He says ransomware now accounts for about half of the cyber insurance claims they’re seeing.

“Cyber bad actors are getting more creative."

Clark says these "bad actors" are attacking operational functions once they access a company’s infrastructure. “Businesses need to start asking more questions to make sure they’re protected.” Clark says he’s seeing an increase in ransomware attacks in which the hackers not only lock down the business for ransom, but also steal company data.

What can you do right now to protect your business, and what questions should you be asking? Here’s what our panelists say you need to consider:

• Do you have your IT/security team at the executive table for the conversation about cybersecurity? They need to be there
• Try to think down the road to stay ahead of these criminals
• Look at your peers. Are you where you should be with policies/protections?
• How proactive are you being with your security measures?
• Do you have an incident response plan? Have you tested that response plan?
• What does your backup system look like? Where is that backup system?

Corey Kaemming says The Andersons has done some tests in which they hired people to try to break into their system and see if they could get in. Kaemming, also a panel member, is Senior Manager of Information Security at The Andersons. Another test, he says, involved letting an individual gain access to their system and seeing how far they could get and what information they could access.

The panelists all agreed that preparation helps a company understand its limitations. Kaemming says The Andersons has documented its response plan and will practice it on a regular basis. Clark also urged attendees to take advantage of resources their insurance carriers offer to help mitigate their risk.

Here are some other key items panelists say all executives should keep in mind:

• Multifactor authentication for emails
• Ensure you have system backups in place and that you test them regularly
• Software “patching” in place where it needs to be. For example: you patch Microsoft, but Adobe may not get patched
• Employee awareness and training is critical. They need a clear understanding. Do a periodic vulnerability assessment
• Don’t forget to secure “end of life” software: old, abandoned versions of software still out there
• Do scans at least two times a year, more if you have a lot of change going on
• Cyber insurance: No longer a blanket approach. Find the right fit for you. Several carriers cater to middle market businesses
• Cell phones: another risk. Are personal devices included in your cyber policy?
• Revisit policies around your cyber policy. For example, your acceptable use policy
• Once you’ve had a claim there will be heightened scrutiny from insurance underwriters
• Just because you’ve had a claim that doesn’t make you uninsurable

Cathy Witte from CIFT/Ohio Manufacturing Extension Partnership (MEP) also spoke to attendees, offering details on a funding opportunity for cyber projects available through the MEP. Manufacturers looking to learn more are encouraged to call 419-535-6000, ext. 142, or go to ciftinnovation.org.

The cyber threats that exist today are ever-present and everchanging. Be sure your business is ready.

GJM’s Risk Advisory offerings include a team of specialists who work with many different types of businesses to determine and manage cyber risk. Learn more about our Risk Advisory Services.

Established in 1996, Gilmore Jasion Mahler, LTD (GJM) is the largest public accounting firm in Northwest Ohio, with offices in Maumee and Findlay. Locally owned, GJM offers cloud-based accounting and provides comprehensive services including assurance, business & transaction advisory, healthcare management advisory, outsourced accounting, and risk advisory. The firm’s professionals specialize in industries including construction & real estate, healthcare, manufacturing & distribution, nonprofit, private equity and utilities.