This article appeared in the October 2019 issue of MiMfg Magazine. Read the full issue and find past issues online.
Your business could be just one poor decision away from collapse. For all the good you do — innovating products, creating jobs, investing in the community — it can all disappear with a click of a button.
“Manufacturers have seen a substantial rise in cyber security threats and ransomware attempts in recent years. There’s a general fear across the industry because of what these kinds of attacks can do to a business,” said Chuck Hadden, MMA president & CEO. “It’s become clear that cyber criminals are either many steps ahead or only a step behind today’s most innovative security strategies. You can’t stop every attack and that might be the scariest thing about cyber threats — any single one could be the one that puts you out of business.”
Cyber attacks can come seemingly out of nowhere. One minute everything is running smoothly and the next you’re facing system crashes, lost intellectual property or customer data, or are locked out altogether.
Depending on the size of your business, the time it takes to recover from an attack or to rebuild a brand reputation may be too much to overcome. Consider the following facts:
- The average data breach will cost a U.S. manufacturer $7.91 million
- On average, it takes manufacturers 197 days to identify a data breach
- Six out of 10 small and mid-sized businesses go out of business within six months of being hacked
In the 21st century, cyber crime has become one of the single largest threats to your business and many manufacturers remain ill-prepared to face it.
“I don’t know if anything poses a greater long-
term risk to manufacturers today than the threat of cyber crime,” said Phil Sponsler, president of Orbitform and recipient of the 2017 John G. Thodis Michigan Manufacturer of the Year Award. “When I talk to fellow business leaders it isn’t just the current risks that they fear — they are seeing what’s down the road. Manufacturing is already one of the top-targeted industries for cyber threats and we’re an industry becoming more reliant on technology every day. That can be very good for our future but it opens the door to more and more dangers if we aren’t prepared.”
To help manufacturers prepare and protect themselves from these dangers, MMA has partnered with Application Specialist Kompany (ASK) to provide a solution with a special discount to members. MMA’s Cyber Threat Protection, powered by ASK, is a one-of-a-kind, all-encompassing, threat detection and response system to help you protect your company, your employees and your customers.
“Manufacturers need access to a solutions provider that offers constant monitoring and the ability to adapt and stay on pace with cyber criminals as businesses become more digital and technology continues to advance,” explained Hadden. “ASK showed us that they have the potential to be that solutions provider. They have the experience. They have the security tools. They are right for manufacturers of all sizes. And the members who have worked with them, believe in them.”
With everything you’ve built at stake, can you afford not to protect yourself from the threat lurking in the shadows to tear it all down?
Understanding the Threat: What is it and what can you do?
The first challenge is understanding how big the risk is. The facts outlined above only tell part of the story and many business leaders can be numb to the threat until it hits and, by then, it is too late.
“In the simplest terms, a security threat is anything originating from outside of your walls that is designed to bring harm or cause damage to your business,” explained Mike Maddox, president and CEO of Lansing-based ASK. “But cyber attacks are not simple. They can take many forms — denial of service attacks (designed to make systems unusable), phishing (e-mail compromise), ransomware (designed to extort money) — and can vary in the time it takes to infiltrate a system, its effectiveness and the amount of scorched earth it leaves behind.”
Executives must understand that implementing a risk mitigation strategy should not just be an IT function. Cyber security puts the survival of your business at stake and your strategy to face it should be driven from the top.
“Like all successful business plans, yours must commit to adequate planning, goal setting, communication, buy-in from executives and staff, implementation, testing and validation,” said Maddox. “Many companies do not have adequate internal resources to conduct this all on their own. ASK is a trusted partner that can deliver value and expertise.”
But how does a cyber attack start?
“The story of nearly every cyber attack starts one of two ways — with human error or human intent,” said Maddox.
It can be the innocent act of clicking a link, filling out a form or not asking the right questions. It can also be the intentional effort to infiltrate a system or bypass a process. In either instance, the greatest weak point you face comes from the people you interact with every day.
“This means that the number one goal is to better train your people on what to watch out for and the questions they should be asking while at the same time better training your systems to monitor for unusual activity and to react when they find it,” Maddox suggested. “That’s where MMA’s Cyber Threat Protection service comes in.”
MMA Cyber Threat Protection, powered by ASK, offers two core cyber security services — Live Security Monitoring (LSM) and Detect and Response (D&R) — and ASK’s security offerings are designed to protect a business from cyber threats that could cause extreme harm to the company and its intellectual property.
Step 1: Live Security Monitoring
With the average breach taking upwards of six months to detect, every manufacturer needs effective options for monitoring its network. With cyber criminals forced to face ASK’s unwavering security, getting in unnoticed becomes more challenging than ever.
ASK’s Live Security Monitoring constantly scans a network environment, combating emerging cyber threats and providing comprehensive features, including:
- 24/7 monitoring and detection of threats
Customizable reporting and alerting
- Log correlations
- Incident response
“We understand that, while the threat of cyber attacks is always there, not every manufacturer has the resources, staff time or inside expertise to track their systems,” said Maddox. “ASK can have eyes on your network at all times, watching for intrusions and fighting off harmful cyber threats.”
For the proactive manufacturer, the LSM feature is an asset and, in most cases, ASK’s team catches and remediates potential threats before the business is even aware something happened.
Step 2: Detect and Response
What does a business do when a breach happens? They are aware it is happening, but they don’t have the ability to stop it. Few things can be more devastating than knowing your business is at-risk and having no recourse to protect it.
“Detect & Response incorporates the industry’s most innovative prevention, providing visibility into the root causes and origins of the threat, reversing the malicious operations and remediating them at an agile speed,” explained Maddox. “When our monitoring locates abnormal procedures occurring in the network, we’re able to rapidly identify thousands of variants of viruses, malware and the root causes of malicious behaviors by quickly diagnosing source processes and programs.”
Not only can MMA’s Cyber Threat Protection service protect a manufacturing facility of any size or scope in Michigan, it also secures the actual devices you use every day. For businesses with a mobile workforce or home-based staff, this is an ideal solution.
Additional Benefits of MMA Cyber Threat Protection
Like all trusted MMA service offerings, MMA’s Cyber Threat Protection does more than just Live Security Monitoring and Detect and Response. The following features ensure greater peace of mind that your business will be there tomorrow:
- Threat Intelligence: Receive manufacturing-specific threat intelligence delivered bi-weekly to know what vulnerabilities pose the biggest dangers to your business.
- Security Risk Assessments: Review a thorough analysis of your infrastructure including internal and external environment scans, policies, procedures and security mechanisms.
- Targeted Phishing Campaigns: Receive real-world phishing vulnerability assessments. Phishing campaigns can help educate staff to learn the signs of real phishing e-mails harmful to the business.
- Password Audits: Passwords need to be more complex than Password123. ASK’s audit includes brute force password cracking and password strength tests.
Sized Just Right for Small Manufacturers
Too often, small and mid-sized manufacturers believe they are at a lower risk for cyber attacks because of less brand recognition and less revenue to exploit. In actuality, with fewer resources to dedicate to cyber security, and more responsibilities falling on a smaller staff, small businesses are a high target for criminals.
“The current mentality you should have is ‘it’s not if we’ll get hacked, but when’ and that can be especially true for small manufacturers,” said Maddox. “Imagine all manufacturers are houses on a street. If you’re a criminal, you can spend all your time trying to break into the expensive house with a gated property, security guard and high-tech security system that can tell that you are coming. Or you can spend the same amount of time getting into 10 or 20 poorly secured homes who don’t even know you’re out there.”
“Most manufacturers do not have the cyber security expertise in-house to develop and implement an adequate strategy and most of the tools commercially available for businesses have been developed for Fortune 500 companies with budgets built-in for cyber security and a staff of cyber security professionals,” Maddox admitted. “MMA members can utilize ASK through the Cyber Threat Protection service to achieve, within their budget, what larger companies are paying hundreds of thousands of dollars for.”
Tailored for In-Depth Training of Talent and Tech
You don’t know what you don’t know and modern technology has turned cyber security into a cat-and-mouse game with businesses and law enforcement on one side and the criminals on the other. Every time one thinks they have an advantage, the other side is able to adapt and force a change of tactic. With this occurring in real-time, having the expertise of ASK at your disposal can help continuously train your company’s talent to know what to look for and what to do in the event of an attack. Their skilled team can also help your existing IT team upgrade its defense and develop a cyber security strategy that does what you need it to do.
“ASK has blended extremely well with our internal Orbitform IT resources to build an invaluable holistic infrastructure,” said Sponsler. “As we improved and modernized our network, they helped us to review our plans and offered options to strengthen its effectiveness. They have supported our growth and will be there as we execute strategies to grow the business. They are trusted advisors, partners and true friends of Orbitform.”
The one thing MMA’s Cyber Threat Protection isn’t is 100 percent secure. To fully protect your business, members should use this service in addition to other steps like end user education, strong controls and processes (both real world and through a network) and continuous improvement procedures.
“Even the best cyber security program can fail sometimes,” said Maddox. “A truly effective service — what MMA Cyber Threat Protection can be for you — relies on constant communication between us and your business. The more we can talk through what your needs are, where your vulnerabilities are and how advanced technology will affect you, the more secure we can make you.”
Protect Your Business Today
“Manufacturers must stop assuming they won’t be attacked and ignoring the fact that cyber security is more than an ‘IT issue,’” Hadden cautioned. “MMA’s Cyber Threat Protection puts your business in direct connection with an industry leader who can monitor, detect, respond and advise you on all your current weak points and position you to worry less and grow more. At the end of the day, you need to ask yourself ‘how much is my company’s survival worth?’”
There were 351,936 cyber attacks reported to the FBI in 2018, costing U.S. businesses more than $2.7 billion dollars and countless pieces of proprietary data. Will your business be the next one targeted?
Sign up for MMA Cyber Threat Protection and receive 10% off standard pricing for ASK security solutions. Contact ASK’s Scott Freitag, at 517-999-0242 or firstname.lastname@example.org, to get started.
Verizon Data Breach Investigations Report (2018)
Federal Bureau of Investigation