Defending Against and Responding to Cyberattacks
*By John Paxton, MHI COO/CEO Designate*
If your company hasn’t sustained damage from a cyberattack, then you’re one of the lucky ones.
According to a survey from the cybersecurity company Tenable Inc., over just the past two years, 90% of companies in the energy, health care and manufacturing sectors have suffered a cyberattack that led to data breaches and either a significant disruption or a complete halt to business operations. To make matters even worse, 62% of companies in these sectors were hit with two or more attacks during that span.
“Those are crazy numbers. That’s just about everybody,” said Louis Coleman, director of sales and marketing for MHI member Autoquip. “Those statistics show that the horse is already out of the barn, and most people are just not aware of or are not talking about those statistics.”
To help MHI members and their customers to better understand the risk, Coleman recently shared with me the details of a ransomware attack that greatly limited Autoquip’s operations for two weeks. Executives came in one morning last spring to find all of the company’s current files and data encrypted, and hackers were demanding money in exchange for removing the ransomware.
Autoquip still had access to its historical data, thanks to periodically scheduled backups, but its enterprise resource planning system was shut down.
“It’s a critical point to get across to people: When they infect your ERP system, it impacts everything you do,” Coleman said. “You really cannot do anything! You can’t quote, you can’t produce, and you can’t design through your system. We were essentially shut down for two weeks.
“We went to paper processes and were able to move things through the factory, but it still impacted the front end of the business in terms of taking new orders, designing new products and pushing them into manufacturing. Inventory had to be done manually with paper. Everything went into manual paper mode.”
Fortunately for Autoquip, the company had taken out insurance against cyberattacks, and that insurer connected Autoquip with cybersecurity experts who could remove the ransomware.
Last year, a report from the White House Council of Economic Advisers estimated that in 2016, malicious cyber activity cost the U.S. economy about $109 billion, including ransom payments. Businesses may be tempted to pay the ransom and quietly put the incident behind them, but the FBI doesn’t encourage victims to pay ransom to hackers. The agency reminds victims that criminals may not restore their data even after they pay, and businesses that pay might be targeted again in the future.