Spearfishing is the practice of sending a fraudulent email that seems to come from a reputable source to a targeted individual. The intent of the message is to trick the recipient into sharing private information such as a password or account number, typically so that the cyber attacker can achieve financial gain. The spearfisher may ask for this information right away or develop a dialog with the target. Often, the source of the email appears to be a vendor or customer. Yet, that’s not always the case.
What if the sender appears to be a senior member of your organization – someone who is both trusted and respected? And what if the recipient is a new employee who wants to do well by responding promptly to requests for assistance? Consider the following example. It’s close-to-home proof that no one is immune from potential cyberattacks – not even an organization that helps manufacturers to recognize them.
Spearfishing Targets
Recently, FuzeHub’s Nick Antz received an urgent email that appeared to come from Everton H. Henriques, our NY MEP Solutions Director. “Hello,” the message began. “I need a favor from you. Email me back as soon as possible.” Nick is FuzeHub’s newest member, but he’s also part of our Cybersecurity Assistance Team. Nick knew this message was fraudulent, so he didn’t respond to the sender. Moreover, FuzeHub’s own safeguards identified the message as dangerous.
But what if Nick didn’t know about spearfishing? And what if FuzeHub didn’t have cybersecurity measures in place? The answers to those questions lead us to another example: an Ohio manufacturer that didn’t think it was large enough to be a spearfishing target. When the damage finally became clear, the manufacturer was forced to lay off employees. Yet, this spearfishing campaign was relatively mild since an estimated 60% of companies close their doors within six months of a cyberattack.
Fortunately, the Ohio manufacturer was able to recover and then resume operations with help from its local Manufacturing Extension Partnership (MEP) center. Manufacturers in New York State also have a valuable cybersecurity resource: NY MEP. Still, wouldn’t it better to stop cyberattacks before they start? And wouldn’t it be wise to educate yourself about cyber threats and take advantage of potential grant opportunities that can help to defray cybersecurity costs? NY MEP can help here, too.
Cybersecurity Assistance is Available
If you’re a NYS manufacturer that is part of the Department of Defense (DoD) supply chain, help is available so that you can perform a NIST 800-171 self-assessment. NIST 800-171, a special publication from the National Institute of Standards and Technology (NIST), is commonly understood to establish a minimum good level of cybersecurity practice. In New York State, eligible DoD manufacturers may have the opportunity to receive 80% of the cost of a personalized assessment up to a maximum of $6,000.
To learn more, join FuzeHub for the Virtual Cybersecurity Workshop that’s scheduled for December 9, 2020. You’ll hear from cybersecurity experts and get the facts about the 2020 Cybersecurity Assistance Grant. You’re also invited to join us for The Threat at Home, the next chapter of our cybersecurity webinar series. Spearfishing is just one of the many cyber threats that manufacturers (and others) are facing, so now is the time to prepare to defend against them.
