When someone tapped into Helmy Associates & Co.’s network after hours last year, it caught the plastics manufacturing company off guard.
“We thought we were doing something wrong, or our employees were doing something wrong,” said CEO Mona Helmy.
The San Antonio business implemented more security measures, such as changing how they share information and adding coverage for cyber attacks to their commercial insurance policy, Helmy said. They were able to mitigate the damage, but guarding against future attacks is an ongoing concern, she added. She believes many companies, big and small, are underestimating cyber threats.
“Most aren’t doing enough,” Helmy said. “They don’t see themselves at risk. We honestly didn’t.”
In what some have called the fourth industrial revolution and the Internet of Things, manufacturing is quickly becoming more automated and digitally connected. These changes have a range of benefits, such as greater optimization, efficiency and more data collection, said Kim-Kwang Raymond Choo. Choo holds the cloud technology endowed professorship in the University of Texas at San Antonio’s College of Business Department of Information Systems and Cyber Security.
But the changing landscape also presents security concerns for companies and their vendors. More Internet-connected devices that are collecting data mean there are “many more ways” for people to get in, Choo said. Data can be stolen for corporate espionage or production processes can be disrupted, he said.
“Just imagine the door to your home is wide open,” he said. “It’s all about information.”
Rob Dodson, an instructor at DC Industries, which provides cyber security training, said if a production line shuts down or a hacker steals proprietary information, the consequences can be severe — not just financially, but also for a company’s image and reputation.
“It happens more often than people realize,” he said.
There are also risks within the supply chain, Dodson said, citing Target’s data breach in 2013. An investigation found that hackers got into the retailer’s server via credentials stolen from a third-party vendor, according to a statement by former New York Attorney General Eric Schneiderman.
Jim Perschbach, president and CEO of Port San Antonio, said there’s an opportunity for companies to work with cyber professionals to better secure critical infrastructure.
“Until very recently, most of them didn’t talk to each other,” he said. “These are not problems that are easily solved unless you have both sides of the equation together.”
San Antonio-based Cox Manufacturing is a supplier for Lockheed Martin, and about two years ago the aerospace giant gave the company a survey to complete to ensure they meet certain security standards, said president Bill Cox. They found they “were at roughly 30 percent of what we needed to be,” Cox said.
One of the next steps was hiring a third-party white hat hacker and the company later achieved the necessary score for the survey, Cox said. They’re currently in the process of getting a quote for cyber liability insurance, and educating employees to recognize red flags is an ongoing priority, he said.
“We are vigilant and we don’t take it lightly,” Cox said. “In the future, it is probably going to be a much bigger risk.”
Cyberterrorism and theft are concerns for ITM, a Schertz company that builds custom-made equipment and components, said CEO Ian Weiswurm. There are reams of blueprints used in manufacturing, often with closely-guarded secrets, and more of those drawings are done electronically now, he said. After one of the company’s neighbors was the victim of a cyber attack, they talked to their IT consultants and decided to backup their files off-site.
“In the old days, everything was done by hand and hand-drawn on easels,” he said. “It’s all done on computers now.”
The San Antonio Lighthouse for the Blind & Vision Impaired has had firewalls and other security measures in place for some time, but within the last five years they’ve increased protections, said IT manager Bill Geraths. The Lighthouse produces apparel, office supplies and other products for the military and commercial customers in San Antonio and elsewhere. With the clients they serve, rising product volumes and selling items online, protecting data and credit card information has become even more crucial, said CEO Mike Gilliam.
Phishing emails, where someone poses as someone else to extract information, is a big concern, he said. They have filtering technologies in place and educating employees is also part of the approach, Gilliam said.
“There’s just incredible value in having data on individuals,” he said.
Vincent Rendon, IT manager for Ultrafryer Systems, a San Antonio company that makes restaurant equipment, said some of the mom-and-pop vendors they work with aren’t as aware of the threats. The biggest threat currently is ransomware.
“If things get into our network, that would shut us down as a business,” Rendon said.
Several local companies have suffered ransomware attacks and the San Antonio Manufacturers Association decided to offer a seminar on cyber security about two years ago, said president and CEO Rey Chavez. SAMA plans to offer another training session in 2019.
“They are very concerned about it, especially now that businesses are doing well and not wanting to have any disruptions in their operations,” Chavez said.
Still, people who work within manufacturing and outside it don’t realize the potential impact of an attack, he said.
“From a business and personal sense, I don’t think people are totally aware of the damage that can be done by not protecting yourself,” he said.
TechSage Solutions, a San Antonio company specializing in IT support and other services, is one of the companies SAMA works with to educate members. Companies need a multi-layered defense to combat attacks, which have the potential to put them out of business in a very short amount of time, said president and CEO John Hill. Beyond the effects on their own operations, they could be liable for a customer or supplier experiencing an attack, he added.
Hill recommends signing up for email alerts from a bank for withdrawal points over a certain threshold and requiring physical signatures on transactions like wire transfers, among other tips.
“You can never 100 percent guarantee you’re not going to be compromised,” he said. “All you can do is do the best you can within the budgets you’ve got.”
Many manufacturers have expanded and bought other companies, and they may not know what the business they bought has in its own systems, Dodson said. When he works with manufacturers at DCI, he tells them to think about their “crown jewels,” how long they would be able to stay in business if their production went down and how their facilities are monitored.
With younger people moving into management positions, there’s more awareness of cyber threats, he said. Implementing security controls can be difficult for manufacturers and requires careful planning to integrate into their systems and processes, but it’s necessary, Dodson added.
“There’s a lot of due diligence that has to be done,” he said. “If you don’t do it, it’s going to bite you.”
Article originally published: https://www.expressnews.com/business/local/article/Cyber-security-a-growing-priority-for-13356137.php