Article by Andrew Mamonitis, Vice President – APAC, Manufacturing Division, ECI Solutions
How much of a hit to the bottom line would a few hours or days offline represent to your manufacturing business right now?
Experience a cyber attack that prevents you accessing vital customer and corporate data – the lifeblood of every enterprise in today’s digitally-driven business world – and you’ll learn the answer soon enough, to your cost.
Chances are, it’ll be more than your business is willing or able to pay. The average self-reported cost of a cyber-crime incident in 2023-24 was $49,615 for small businesses, according to the Australian Signals Directorate’s latest Cyberthreat Report. That figure rose to $62,870 for medium sized businesses and $63,602 for their larger counterparts.
The threat is real
Ransomware and data theft extortion (the exfiltration of data without encrypting victims’ systems) remain pervasive threats, with business email compromise and fraud high on the list of self-reported crimes.
Attacks are becoming increasingly targeted, as cyber-criminals leverage artificial intelligence to gain an ‘in’, the Report noted.
If you’ve previously comforted yourself with the thought that your low-profile operation is unlikely to be on their radar, it’s time to think again – and fast.
Australian SMBs in general, and small manufacturers in particular, are squarely in the sights of the international cyber-criminal fraternity.
That’s because, in common with all good businesspeople, these bad actors want to achieve a return on investment. In their case, that’s the time they spend planning and executing ever-more-creative attacks on businesses that may be persuaded to pay a little or a lot to get their data back.
Homing in on soft targets sees them most likely to strike pay dirt and they don’t come much softer than this frequently under-protected cohort.
When your number is up
The latest alleged victim from the manufacturing sector is Brisbane based Watkins Steel, a family-owned firm that fabricates and installs steel and metal structures for clients in the mining and construction sectors.
In late April, the Akira ransomware-as-a-service operation claimed to have stolen a cache of its employee, client, project and financial documents – 17 gigabytes worth of sensitive corporate data, according to a Cyber Daily report.
Wind the clock back a month and it was Victorian medical device manufacturer Compumedics in the headlines, as the reported victim of newly emerged ransomware operation VanHelsing.
The latter claimed to be in possession of employee passport scans, product and testing data and other sensitive information it threatened to publish if the business failed to pay up, according to Cyber Daily.
Counting the costs
Alas, for manufacturers that fall victim to a ransomware or data theft extortion attack, recovering their data and restoring their systems isn’t the end of the story.
Australia’s stringent data privacy laws require businesses that have experienced an attack to notify affected parties and the Office of the Australian Information Commissioner, if personal information has been compromised and serious harm is likely to ensue as a result.
The privacy watchdog may order firms to take specific actions to remedy breaches and impose enforceable undertakings and compliance notices.
It also has the power to impose penalties of up to $50 million, or three times the value of any benefit obtained, on firms that have allowed serious or repeated breaches of privacy to occur.
Prevention is better than cure and the best way to stay out of trouble is to harden your defences; making your internal systems a tougher target when cybercriminals come calling.
Secure in the cloud
Decommissioning legacy, on-premises programs and platforms and migrating business critical data to a cloud-based enterprise resource planning solution is a straightforward and cost-effective way to do just this.
Choose a vendor that understands the unique requirements of the manufacturing industry and takes the integrity of customer data seriously and you’ll enjoy a dramatic cyber-security uplift.
Ideally, they’ll provide a comprehensive range of safeguards to keep your data private and safe, including multi-factor authentication, firewall protected servers and the latest encryption technology.
You’ll also enjoy the peace of mind that frequent back-ups can provide: if your software partner is serious about cyber-security these will be conducted hourly, not on the ad hoc schedule all too many small and medium sized manufacturers currently follow.
Building a stronger future for your business
In today’s times, a cyber-attack is a strong probability rather than a possibility, for Australian manufacturers that haven’t taken steps to protect their operations and data.
Adopting cloud-based platforms and programs is an effective way to improve your security posture. If you’re serious about ensuring your business doesn’t become a statistic, it’s an investment you can’t afford not to make.
Opinions expressed in this article are those of the author.
