While cybercrime in many forms continues to escalate, the fastest growing threat is ransomware, in which your data is held prisoner until you pay off the cybercriminals. According to the Web site Fight Ransomware, these attacks increased 300% from 2015 to 2016, with over 4000 attacks now occurring each day.
For any business, the obvious concerns are financial data, personnel information that can be used for identity theft, and intellectual property. However, for manufacturing companies, an additional threat is disruption of production due to the growing interconnectivity of factory equipment. As the Industrial Internet of Things (IIoT) continues to expand, this threat becomes even greater.
How does ransomware happen?
Typically, cybercriminals infect your computer system by tricking an individual through one of these means:
An email appears in your inbox from what appears to be a trusted source. In actuality the criminal has hijacked the source’s email address to fool you. The email includes an HTML link. Once you click on it, the ransomware program infects your computer and encrypts all of your files, demanding you pay the ransom in a specified period of time, and they will then unencrypt your files. Of course, like any ransom request, there are no guarantees that your data will be released if you pay the criminals. That’s why many victims refuse to pay the ransom.
A variation of this approach is an email sent with an attachment that, when downloaded, releases the ransomware virus.
Another way to become infected is to visit a Website that has advertisements infected with the ransomware software.
What can you do to defend your computer systems?
Educate your staff. Everyone who uses computers or other connected devices should be aware of the methods criminals use to infect your system. If an email looks at all suspicious, even if it appears to come from a known source, they should not open it. They should look for such things as additional characters in the sender’s email address, impersonal subject lines such as “thought you’d like this,” HTML links in the email body without any explanation, and unfamiliar attachments – especially those with .exe file extensions. These are executable files that likely contain malware. When visiting Web sites, look for signs that they are bogus, including strange looking URLs, odd looking logos and poorly written text.
Use anti-virus software. This may seem like a no-brainer, but a surprising number of companies either don’t have anti-virus software or don’t update on a regular basis. Automatic updating is available with many of the best-known software suppliers and it’s wise to take advantage of this feature.
Backup, backup, backup. Your best defense against ransomware is to continually backup your files. Have a plan to manually or automatically backup files on a regular basis and, better yet, also use a reputable and secure cloud-based system that stores your files in real time, so you have redundant backups. That way, even if your system is infected, your data is retrievable without giving in to ransom demands.
Stay informed. Cybercriminals are constantly coming up with new ways of stealing information. This means that you, your IT department or consultant must stay on top of ransomware and other cybercrime developments. Information technology opens up enormous possibilities for improving manufacturing performance. We just need to keep the intruders who mean us harm at bay.