How to Detect a Cyber Attack Against Your Company

This article originally appeared on IndustryWeek. Guest blog post by Traci Spencer, Grant Program Manager for TechSolve, Inc., the southwest regional partner of the Ohio MEP, part of the MEP National Network^TM.

This article is the third installment in a five-part series outlining best practices when it comes to "Cybersecurity for Manufacturers." These recommendations follow the National Institute of Standards and Technology (NIST) cybersecurity framework, which has become the standard for the U.S. manufacturing sector.

In part two of the MEP National Network five-part series on “Cybersecurity for Manufacturers,” we covered how to protect your valuable electronic assets from information security threats. But if your manufacturing facility was targeted by a cyber criminal, would you be able to recognize the threat? Or, if an employee was doing something malicious, such as diverting payments into their personal account, would you be able to detect the activity? Fast detection is key to successfully containing any fallout from an information breach. To respond quickly to a cyber attack, you must first have the right mechanisms in place to detect the threat.

Install & Update Anti-virus & Other Cybersecurity Programs

If you haven’t already installed anti-virus, anti-malware, and anti-spyware software on every device at your manufacturing facility, now is the time. Install, use, and regularly update these cybersecurity measures on every computer, tablet, and smartphone.

These mechanisms can help shield your company’s valuable data and information from malware, which is the catch-all term for malicious code. Written with the intent to steal or cause harm to information systems, malware contains viruses, spyware, and ransomware. Malicious code can not only steal your computer memory; it can also enable a cyber criminal to record your computer actions and access sensitive information.

To get the most out of your anti-malware programs, set the software to automatically check for updates at least once daily, or in real-time, if available. Adjust the settings to run a complete scan after daily updates.

An example of typical business anti-malware settings might include:

• Running anti-virus programs daily or nightly, such as at midnight
• Scheduling a virus scan to run about half an hour later (12:30 a.m.)
• Following up by running anti-spyware software a couple of hours later, such as at 2:30 a.m.
• Running a full system scan shortly afterward (3:00 a.m.)

This example is based on the assumption that a facility always has a running, high-speed Internet connection for all devices. The timing of your updates and scans may vary, but you need to perform them daily. Be sure to schedule them so that only one activity takes place at any given time.

For home-based employees or for employees’ personal devices, make sure they have copies or access to the same anti-virus and anti-spyware software, and require them to run regular updates per the previous example.

It is important that all employees understand why running anti-virus, anti-malware, and anti-spyware is vital to protecting company information and assets. Employees must also understand how early detection could potentially save the company from serious consequences associated with a cybersecurity incident or breach.

For redundant security, you may want to use two different anti-virus solutions from different vendors. Using anti-malware protection from two different providers can improve your chances of detecting a virus. Routers, firewalls, or Intrusion Detection and Prevention Systems (IDPS) usually have some anti-virus capabilities; but you don’t want to rely on them exclusively to protect your network.

Keep in mind that anti-virus solutions can only detect known viruses. If a new virus is developed and deployed, your anti-virus may not be able to detect it. It is important to keep your anti-virus solutions up to date in order to detect the latest viruses.

Maintain & Monitor Detection Logs

Most malware protection and detection hardware and/or software is equipped with logging capability.

Check your user manual for instructions on how to:

• Use your logs to identify suspicious activity
• Maintain regular log records that are valuable in an investigation
• Back up logs regularly and save them for at least a year (although some types of information may need to be stored for longer)

For added peace of mind, consider hiring a cybersecurity professional to review your logs for any red-flag trends, such as an unusually large amount of time spent on a social media site or a high frequency of viruses consistently found on a single computer. This activity may indicate a serious information security problem that requires stronger protection.

Now that we’ve run through the right mechanisms for detecting a cyber threat, we’ll explore how to respond if you do detect an attack, in the fourth installment of our five-part series on “Cybersecurity for Manufacturers” from the MEP National Network.

For more advice on cybersecurity best practices for manufacturers, contact the cybersecurity experts at your local MEP Center.