Cincinnati Crane & Hoist of Harrison, Ohio manufactures and installs long-span overhead cranes. In 2017, this Veteran-Owned Small Business (VOSB) was the victim of a spearfishing campaign that resulted in financial losses so severe that the company was forced to lay off employees. Spearfishing, a type of cyberattack, tricks a user into sharing sensitive information. Cyber criminals also use spearfishing to install malware that can damage or permit unauthorized access to computer networks.
In a Heroes of American Manufacturing video from NIST MEP, Cincinnati Crane & Hoist tells its own story and explains how its local Manufacturing Extension Partnership (MEP) center provided needed assistance. As Tony Strobl, President and CEO of Cincinnati Crane & Hoist recalls, “we really didn’t know where to go or what to do.” The phone call that Strobl answered came in the middle of the night and, like executives at many small-to-medium sized companies, he didn’t think his business was large enough to be a target.
As is often the case, the spearfishing campaign began before its discovery. Cincinnati Crane & Hoist inquired about a payment from a customer who usually paid on-time. The customer provided proof that payment had been made, and the crane manufacturer then realized that the money had been sent to an unknown account. The hackers knew Cincinnati Crane & Hoist all too well. “They were able to get into our email and live within our day-to-day life,” Strobl recalls.
Spearfishing relies on deception and works because it’s convincing. “Hackers send you an email,” says Traci Spencer, Grant Program Manager at TechSolve, the MEP center for Southwest Ohio. “They make you believe it is real.” With help from its local MEP center, however, Cincinnati Crane & Hoist recovered from the spearfishing attack and has implemented strong cybersecurity policies. “This is no longer something you can opt to do,” Strobl says about cybersecurity. “This is a part of doing business today.”
Does your NYS manufacturing company need to strengthen its cybersecurity? FuzeHub, the statewide MEP center for New York State, belongs to the same nationwide network as TechSolve. This year, we have set aside new funds for cybersecurity assistance and are pursuing federal grant opportunities that could help more NYS manufacturers. Do you qualify for our 2020 cybersecurity initiative? To find out, request a consultation and talk to a manufacturing expert.
1 thought on “Recovering from a Cyber Attack with Help from MEP”
The Cincinnati Crane & Hoist experience was no doubt very disruptive to the company’s business. It is appreciated that the company would openly share to help others learn from their unfortunate experience. Noted as a small- to medium-sized company, this is an illustrative case for ALL companies instituting enterprise-wide employee awareness programs. Having recently been required to participate in the collaborative “Hacker’s Mind” simulation, I can say that my organization was able to educate and empower each an every employee in a company-wide effort to act vigilantly and proactively to defend the organization from would-be attacks. I recommend this or similar programs for all businesses.