There’s a common misconception that cybercriminals only target large companies. Bad actors have realized that they can steal valuable intelligence from an OEM by hacking the weakest links: smaller, less protected companies. As OEMs beef up their internal cybersecurity, they need to be sure their suppliers and other partners are also protected against cyberattacks.
Now’s the time to talk with your injection molder to find what they’re doing (or NOT doing) to protect you from a data breach.
Injection molders maintain sensitive OEM information on their servers such as proprietary designs, new product R&D, and billing account details. In the wrong hands, this information can be stolen, misused, and even held for ransom. Some attacks may completely halt production or lock companies out of vital data. Here are ways in which the breach of a supplier’s system can impact an OEM:
- Data theft – If bad actors gain access to a supplier’s network they can take proprietary design and research information to sell on the dark web or to competitors. This can devalue the time and money spent on new product R&D and eliminate the advantages of being first to market.
- Ransom – Once a network is breached attackers often encrypt it. This prevents a company from accessing the data on their network until the victim pays a costly ransom. Once the ransom is paid, the attacker may renege on the deal or their decryption tool may not work. Paying a ransom doesn’t guarantee a solution. Plus, there’s a chance that they will sell your stolen data regardless of whether payment is received.
- Business Email Compromise – All it takes is one click on a bad link for a phishing scam to load malicious software onto a network computer. Or a false login page is used to steal users’ login credentials. Then the attacker has access to important information like customer emails and bank accounts. By impersonating the victim, criminals can send communications to customers that request payment, or other information, and reroute those activities to another account. This is often successful because the communication appears to come from a known, legitimate email address.
- Operation shutdown – If an attacker can get into a network and access smart devices and equipment in the plant, those operations may be shut down and locked. An example is the June 2021 attack on the Colonial Pipeline, which saw its valve system locked and the entire distribution system brought to a standstill. It may take months for an operation to fix all the damage and be running at full capacity again.
Some smaller companies are shortsighted in how they handle the issue of cybercrime. Many feel that it’s sufficient to use basic level security software and get cyber insurance to handle negotiations and costs for recovering stolen information. But this approach is lacking in many areas of protection, detection, and recovery.
Here are ways that New Berlin Plastics is proactively making significant investments to prevent cyberattacks and to protect its OEM partners:
There are more cybercrime software options available than ever before. Basic protections like firewalls and antivirus tools detect viruses, malware, and spyware based on an established list of known threats. These tools aren’t sophisticated enough to protect against more advanced methods used to compromise networks.
New Berlin Plastics has implemented multiple layers of detection software that use AI/machine learning to detect unusual behaviors in email communications and network use. If the system detects an email going to an unusual address, or if a network user is suddenly accessing secure data, the system flags those behaviors and protects the system until these anomalies can be addressed.
The network at New Berlin Plastics is segmented and protected by firewalls. If one segment is breached, it is isolated and addressed without affecting the rest of the organization. The IT department regularly updates the system to ensure all software is up-to-date and running optimally. This helps protect against newly identified vulnerabilities.
Even with the best software in place, an uneducated person can still mistakenly click on a phishing link. New Berlin Plastics employees are trained to identify suspicious emails and are regularly tested with fake phishing emails to determine if any employees need additional training.
Remote workers with VPN access can be an easy entry point for hackers. To prevent this, New Berlin Plastics restricts remote access to company-managed devices, not on personal computers. This ensures all computers accessing its network remotely are protected by the same security systems as the internal network.
A data backup system is helpful but not perfect because it can fail or be compromised by hackers. New Berlin Plastics’ backup system maintains multiple copies of data in multiple locations; both on-site and off-site as well as on-network and off-network. If a cyberattack makes it past the many levels of detection and protection, New Berlin Plastics has doubled its cybersecurity insurance coverage to recover stolen and ransomed data.
A real-world close call
New Berlin Plastics’ extra-mile cybersecurity efforts recently paid off:
Earlier this year, a third-party IT service provider it uses was compromised and encrypted, which led to a number of its customers also being encrypted. A third-party forensic investigation determined that New Berlin Plastics’ network was not compromised. This was due to the thoroughness of its cybersecurity protections
Is your supplier protecting you?
- To ensure your injection molder is doing everything it can to safeguard your data, ask these questions:
- What are your practices and processes for maintaining the most current system updates?
- What are you doing to secure remote access to internal systems?
- Are you training employees to identify phishing or social engineering attempts?
- What layers of security are on your network besides basic firewall and antivirus software?
- What are you doing to ensure basic cyber hygiene?
- What is your process for ensuring system updates are executed regularly and in a timely manner?
If they can’t answer these questions adequately, your proprietary data may be at risk.
Don’t take chances with your data. Make sure that your injection molder is bringing its A-game to the issue of cybersecurity.