Six steps for preparing a manufacturing organization for a ransomware attack

In Q2 of this year, we observed that 70% of 177 alleged ransomware attacks that impacted industrial organizations were in the manufacturing sector. It’s really nothing new – in 2021 manufacturing became the industry most targeted by ransomware, and that trend continued throughout 2022 and 2023.

Many large companies began their manufacturing cybersecurity journey in 2017 following the WannaCry and NotPetya incidents. But many jumped right into technical solutions and neglected basic foundational elements of an operational technology (OT) security program.

Other small and medium-sized companies have not yet started their manufacturing security journey. Here we outline a step-by-step process for manufacturers that have not yet developed a manufacturing cybersecurity resilience program, and we also offer a double-check for large manufacturers to ensure that they haven’t overlooked some of the basics.

Step 1: Take care of the basics.

Manufacturers need to start with an asset management program. If the organization does not have one, it has two choices: if it can afford to buy technology specifically for OT asset management, buy it. If not, grab a spreadsheet and start an inventory of everything in the plant. At the same time, train employees in the plant on what they should do if a ransomware message appears. And have top leadership work with the legal team to determine if the company would pay the ransom – don’t wait until a crisis to research the details behind this complex decision.

Step 2: Put in fundamental protective measures.

While working on Step 1 also start putting some protective measures in place. Get the IT team involved (even if it’s outsourced) – they are an important partner in these activities. First, determine if there are any assets in the plants that are exposed to the internet, and if so, remediate. Second, vendors can spread malware from customer to customer, so put a process in place for vendors to securely access and transfer files to the plants. Finally, implement a secure remote access solution, including multi-factor authentication.

Step 3: Prepare for the worst.

While putting the fundamentals in place as well as some basic protective measures it’s…