“Know thy enemy” is advice that’s attributed to Sun Tzu, a Chinese military strategist from antiquity who wrote a book called The Art of War. For modern manufacturers who are more concerned with the bottom line than in attacks from behind, it’s easy to dismiss Tzu’s warning as best left to military planners. Yet, any manufacturer that is connected to the Internet faces cyberattacks. To know your enemy makes good business sense but you must also understand that there are many types of adversaries.
Hackers are not monolithic. Some are thrill-seekers. Others are vandals. There are also cyber attackers whose ideology may confound you. Of course, some of the best-known cyber threats come from organized criminals and state-sponsored actors. You’re probably heard of some of the specific tactics, such as phishing, that cyber attackers often use. But how well do you understand the motivations of your potential enemies, and how can you use this information to bolster your cyber defenses?
Let’s think strategically and examine some of the adversaries that manufacturers are facing. You’re also invited to learn more in an upcoming webinar called Enemies and Attacks.
Knowing Your Cyber Enemies
Recreational hackers penetrate computer networks for the thrill of the hunt, or to acquire bragging rights in the hacker world. They have limited technical resources but can still cause damage. Some are driven by fame or notoriety, but others hack websites simply because they can. Vandals are similar to recreational hackers but deface websites by changing text or images. Hacktivists also penetrate and deface websites, but to deliver a political or ideological message.
Most manufacturers know that cybercriminals routinely target businesses for financial gain. Sometimes, these cyber enemies steal data, such as account information, that is then used to transfer money illegally. Cybercriminals can also steal intellectual property (IP) or deploy ransomware to encrypt a victim’s files until a payment is made. Other types of cybercrime include identify theft, debit or credit card fraud, cyber extortion, and trafficking passwords.
State-sponsored hackers are funded by nation-states and have significant technical expertise and financial resources. These cyber enemies pose advanced persistent threats to U.S. manufacturing, but especially to companies in the defense supply chain. The motivations of state-sponsored hackers can range from industrial espionage to undeclared cyber warfare. PLA Unit 61486, part of China’s People’s Liberation Army (PLA), has long been identified as a threat to U.S. commercial targets.
Learning to Defend Against Cyber Attacks
Now that you know more about potential cyber enemies, how will you use this information to strengthen your cyber defenses? NIST 800-171, a special publication from the National Institute of Standards and Technology (NIST), is commonly understood to establish a minimum good level of cybersecurity practice. If you are a NYS manufacturer that is part of the DoD supply chain, help is available so that you can complete a NIST 800-171 self-assessment. Cyber grants are available, too.
To learn more, register for the Virtual Cybersecurity Workshop that’s scheduled for November 18, 2020. You’ll hear from cybersecurity experts and get the facts about the 2020 Cybersecurity Assistance Grant. If you’re able to travel to the Finger Lakes for an in-person event, please join us for Rochester Cybersecurity Workshop on December 9, 2020. Space is limited because of the COVID-19 pandemic, so don’t wait to sign-up if you want to attend.