Cyber Breach is a rapidly evolving risk for manufacturers. Denial of Service (DoS) attacks and ransomware can shut your operation down, and if any of your CNC machines are connected to your LAN, they are at risk of being tampered with (bricked).
Breaches of privacy impacting your employees or customers create a liability for manufacturers, who will be legally responsible to make things right even if the breach was not caused by you.
Insurance policies are strong solutions for when all else fails, but developing Cyber Resiliency is your first line of defense.
Working with our Cyber IT partner, we assist with team training and other tools to increase cyber resiliency, to reduce the impact bad actors can have against your organization.
Sign up free for an employee training tool here. 90% of cyber incursions come through staff.
Sophos – The State of Ransomware in Manufacturing and Production 2022
A local metal fabrication shop has their CNC equipment connected to their network to allow diagnostics and upgrades from the equipment dealer.
Their systems were compromised through successful phishing attacks, and hackers took advantage of a security gap left by a missed update to the CNC software. The hacker was able to lock down the equipment and requested a ransom.
Ensure that all computers, including CNC equipment, have all software security patches up to date.
Although the best claim is the one that never happens, a Cyber Breach insurance policy should be your last line of defense with funds and a team available to get you out of the glue.
An Edmonton university was defrauded of $11.8 million after staff failed to call one of its vendors to verify whether emails requesting a change in banking information were legitimate.
MacEwan University discovered the fraud after the legitimate vendor, a construction company, called to ask why it hadn’t been paid.
Three payments totaling almost $12 million were made to the fraudulent account. A university spokesperson said the scammers sent emails that looked legitimate.
“A domain site with the authentic logo was sent,” “The individual asked us to change banking information from the vendor. That information was changed.”
All changes to vendor accounts should be verified directly rather than taking one email or phone communication at face value. Hackers will get into your system and watch email traffic for months before acting. They know what is going on, and when an opportunity presents itself, they jump on it quite effectively.
As high as 90% of all cybersecurity breaches are caused by human error. Insurance policies can be strong backstops, but risk control through employee training can prevent a claim from happening in the first place.
Funds Transfer Fraud insurance is something that is available to be added to most Cyber Breach policies. Brokers providing ‘cookie cutter’ solutions may miss this.
The CEO of a local manufacturer had her email compromised, likely by clicking on a bad link. This allowed a bad actor to have shared access to her email.
Waiting and watching the CEO’s emails, the criminals saw an opportunity. The CEO was travelling to Europe to finalize the deal on a new piece of equipment. The bad actor sent an email from the CEO to her CFO confirming they were going to buy the equipment and provided payment links which directed funds not to the equipment seller, but to the bank account set up by the bad actors. The funds were transferred and lost.
Dual authentication would have prevented this loss of funds. Had the CEO or the CFO made a quick phone call to confirm the transaction, the fraud would have been thwarted.
Cyber insurance policies cover your direct losses resulting from cybercrime and other financial damage.
The president of a local manufacturing company was working with his personal investment broker to move personal funds into his investments.
A bad actor had gained access to the investment broker’s email and was watching the exchange waiting for an opportune moment to redirect funds. The president received an email from the bad actor using the investment broker’s email address, providing banking information to steal the funds earmarked for personal investment.
Dual authentication would have prevented this loss of funds. Had the president made a quick phone call to his investment broker to confirm the transaction, the fraud would have been thwarted.
Many Cyber insurance policies will automatically extend coverage over directors personally. Even though the bad actor attacked the manufacturing president through the investment broker, a cyber insurance policy could have protected and provided coverage for the stolen funds in this instance.