5 Steps To Protect Your Small Business from Ransomware Attacks
By Ken Fanger, MBA, CMMC-RP, President, On Technology Partners
Ransomware attacks, like the one that shut down the Colonial Pipeline in 2021 and caused public panic about gasoline, have been on the rise in the past few years. These attacks have been increasing exponentially and steadily becoming more and more of a problem for companies of all sizes to keep an eye on.
In particular, ransomware attacks are now a massive issue to address for small to mid-size businesses and manufacturers. It’s no longer just regular computers you need to worry about: ransomware can attack any number of systems, and the introduction of intelligent IIoT devices for OT operations has only compounded that risk.
IIoT devices are usually distributed around an entire production plant and may not have the same security standards of other network-attached devices. Often the OT deployment is outside of the IT department’s management and the cybersecurity risks may not be known or understood.
It is very common for IIoT devices to be built on older technologies that have dangerous security vulnerabilities. As ZDNet has reported, security vulnerabilities related to communications protocols could be the foothold for cyber attackers to tamper with these devices. Essentially, IIoT devices that are not up-to-date and secure could create a back door into company networks.
This OT security problem is felt at all levels, big and small. Many may remember the attack on Target, where cyber criminals used Target’s HVAC control system to gain access to their systems and attack. That attack compromised millions of user accounts, making not even larger institutions invulnerable.
The problem of ransomware is felt even more sharply by small to midsize manufacturers because they lack the cybersecurity resource to design and control network access and management. While advantages that OT/IIoT technologies offer are vital to the financial success of manufacturer, they create dangerous opportunities to damage a company. In fact, according to Cybercrime Magazine, 60% of small businesses that get hacked close within 6 months. It is a terrifying thought that your IIoT devices could result in losing the company.
So, as a manufacturer, you might be wondering: how do you protect your company? To start, consider these 5 steps.
Five steps to protect your small business from ransomware attacks:
1. Know your risks. Discover if your company has IIoT/OT technologies and if so, see if your IT team can isolate them from the general network. Isolation will be a key component to protect the other vital systems.
2. Create an inventory of all IIoT/OT devices that are in use. With seemingly everything becoming a smart device, it can be easy to lose track of what’s out there; you need knowledge of all your sources of risk. Always remember those smart devices are tiny computers attached to your network. By knowing which devices are connected to a network, it is easier to know what may attack those devices.
3. Segment off IIoT devices. Most modern enterprise networking equipment are capable of creating segmented network areas for IIoT/OT systems. There are specifically-designed network structures that consider security and assist in the deployment of IIoT/OT technologies, even if the IIoT device has no security features.
4. Monitor your systems. It is essential that you are aware that there is an attack or a breach if one occurs. Have a way to monitor your system and assure that it has not been breached. Different companies offer SIEM (Security Information and Event Management) monitoring to assist in protecting a company’s network.
5. Have a plan of action to address attacks, including ransomware. These plans dictate what actions to take to stop the spread and mitigate the damage of a ransomware attack. For example, a plan might include how to contact customers and provide information to the outside world. The days of not disclosing an attack have proven disastrous for many companies. Because cyber-attacks occur so frequently now, most customers understand that it does happen and are appreciative of the heads up.
When in search of protection against ransomware, make sure to ask providers if they are using ransomware-resistant backups. This means that the backups use AI to detect and prevent the ransomware from spreading across the backup. It also means that backups are not directly connected to the protected system, allowing the backup to exist outside of the computer itself.
You will also want to ask for a ransomware rollback system. With this type of protection on your computers, the computer that is affected by ransomware is able to return files to a preserved state like before the ransomware happened.
Lastly, be sure to have these areas of cybersecurity defined:
1. Strong passwords
2. Anti-virus/anti-spam
3. Least Rights Rule: Restrict user accounts to use of only necessary rights
4. Restrict system accounts (like the ones that run IIoT) to Least Rights Rule
5. Have a fun, effective cyber training program for your employees
Unfortunately, none of these steps can fully guarantee that ransomware or another attack will never get through, but they will significantly reduce the chance of an attack and even reduce or remove the damage caused by such an attack.
In fact, a client of my company had a ransomware attack reach their server; however, because of a proper ransomware-resistant backup solution and monitoring, we were able to detect the attack and reverse the damage. They were only down for fifteen minutes, and there was no loss of data.
Fifteen minutes of your time is a lot better deal than thousands of dollars of damage and a loss of all your data. That’s why, as manufacturers, arming yourself against ransomware is the key to preventing it from becoming your kryptonite.
On Technology Partners / Info@ontechpartners.com / (216) 920-3100