John Persinger, Associate, MacDonald Illig
Although the Sony, Target, and Home Depot data breaches dominated the recent headlines, manufacturers are also increasingly coming under attack from hackers. There are two specific types of attacks that are on the rise: (1) spearfishing attacks; and (2) intellectual property theft.
Spearfishing attacks primarily start as an e-mail that appears to be from a trusted source, such as a boss or coworker. The purpose is to coerce you into providing a payment or sensitive information. To achieve this goal, the attacks will mimic the language and style used by the trusted source. Earlier this year, Krebs on Security, a cyber security blog, reported on an Ohio manufacturing firm that had suffered a spearfishing attack. An employee received a supposed-email from her boss, who was traveling abroad at the time. The e-mail asked her to wire $315,000 to China to pay for raw materials, which the employee did. Apparently, the boss had requested such transfers before, so the e-mail did not seem out of the ordinary. However, after reviewing the e-mail further and picking up on the formal tone, the employee realized that it was a scam, and the bank stopped the wire transfer.
Manufacturers are also facing an increase in attempted intellectual property theft. In May, the U.S. Government indicted five Chinese nationals for computer hacking, economic espionage and other offenses. The Government alleges that these hackers, among other activities, hacked Westinghouse and stole confidential and proprietary technical and design specifications for pipes, pipe supports, and pipe routing within a Westinghouse-built power plant. Manufacturers with government contracts are particularly susceptible to attacks from foreign hackers.
To better protect your business from hackers, here are a few things that you should consider:
- Identify What is At Risk. Do you have customers’ financial records? Intellectual property? By determining what is at risk, you can better prepare for an attack.
- Update Technical and Security Protocols. Test your network to determine any vulnerabilities. Counsel employees on the proper handling of network user names and passwords.
- Invest in Cyber Liability Insurance. The average cost of a data breach is an estimated $3.8 million. Obtaining cyber-liability insurance may help defray these costs.
In the event that you suffer a cyber-attack, here is what you should do:
- Contact a Cyber Security Consultant. You will need to determine what has been taken and ensure that the hackers no longer have access to your network.
- Contact Legal Counsel. If you suffer a data breach, you have specific legal obligations. Consult an attorney to ensure that you fulfill these obligations and mitigate any potential liability.
As more information becomes digital and more workplaces rely on digital technologies, hacking attempts of manufacturers will only grow. By preparing for these attacks now, you will possibly prevent an attack from occurring or you might minimize your liability if an attack occurs. MacDonald Illig’s Emerging Technologies Practice Group can entertain questions about preventing or responding to a cyber-attack. The government contracts are particularly susceptible to attacks from foreign hackers.