MiMfg Magazine April 2018 | Page 26


After a Cyber Attack

By Joe Harmon • B&L Information Systems
The primary key to beating any cyber attack or data breach is preparation and compliance. Are your cyber processes and systems up to date? What is the status of patching and system updates? Is your staff in compliance with your cyber security processes?
Most people have now heard of ransomware, but other cyber threats to manufacturing are lurking in the wings. The Internet of Things (IoT) was built for convenience and function rather than security. On-premise software systems are more vulnerable than SaaS Cloud Systems, as there are more potential attack vectors available to cyber criminals. With the rise of Artificial Intelligence (AI), there are now AI-aided attacks, which use AI to attack and exploit victims' networks.
When a cyber threat hits, the second best defense is having a plan in place for how to combat the threat. As a SaaS ERP provider, we get that call from our clients after an on-premise cyber attack — an outreach on “what do we do now?” after their defenses are breached.
In our experience, the first 30 minutes after a cyber attack are critical. Here's an explanation of the 5 likely defense initiatives your IT team is working on in those first 30 minutes, with a plain-language “why” for each.

1. Find the source. Locate where the cyber breach originated. Was it a Trojan horse email? A brute force attack on your servers? Did someone click on an infected pop-up ad? This is critical because without knowing where the source is, it will continue to harm the system.

2. Disconnect the machine from the network. Although this has limited effectiveness on some of the newer viruses, getting the machine off of the network should still be part of the first security steps. Knowing the source doesn't necessarily mean knowing which virus it is, so this is a prudent “just in case” safeguard.

3. Check for propagation. If mapped drives are still in place, check all the mapped drives used by the infected machine. If a brute force attack was the culprit, check that no Trojan horses were hidden on the machine or server. These steps serve as a safeguard against further damage by the initial attack.

4. Clean / quarantine. Your IT team will determine if the machine (or server) can be “cleaned” for later use or if a wipe / reload is needed. They are likely to start with quarantine of the machine and affected files. This step helps to contain any further infection and sets up your system for possible re-use.

5. Restore as necessary. March 31 was World BackUp Day. However, backups on critical data should be occurring at least once per day. In the event of an emergency, your progress forward is only as good as your last backup. Without frequent backups, you could lose days or even weeks of critical data such as sales orders. Your IT team will take the last known “good” backup of the machine or server and use it to restore data and function so your staff can get back to work.
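
Step 3 asks the IT team to check every mapped drive the infected machine used. As an added example (not part of the original article), this Python script lists files on a share that changed after the suspected infection time and whose contents look encrypted; the function names, the 7.5 bits-per-byte threshold and the 64 KB sample size are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, roughly 4-5 for plain text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def scan_share(root, incident_start, sample_bytes=65536, threshold=7.5):
    """Return (path, mtime, entropy) for files under root that were modified at or
    after incident_start (epoch seconds) and whose leading bytes look encrypted.
    threshold and sample_bytes are assumed values; tune them for your data."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if st.st_mtime < incident_start:
                    continue  # untouched since before the incident
                with open(path, "rb") as fh:
                    ent = shannon_entropy(fh.read(sample_bytes))
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
            if ent >= threshold:
                findings.append((path, st.st_mtime, round(ent, 2)))
    return sorted(findings, key=lambda f: f[1])  # oldest change first


if __name__ == "__main__":
    import sys
    import time

    # Usage: python scan_share.py <mapped drive root> <hours since suspected infection>
    root, hours = sys.argv[1], float(sys.argv[2])
    for path, mtime, ent in scan_share(root, time.time() - hours * 3600):
        print(f"{time.ctime(mtime)}  entropy={ent}  {path}")
```

Compressed formats such as ZIP, JPEG and modern Office files also score near 8 bits per byte, so treat each hit as a lead to review, not a verdict. Run the scan from a known-clean machine against the share, not from the infected one.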

A robust cyber-security plan will help your business stay safe, and a post-attack protocol can give you a leg up on any necessary recovery. Ask your IT team today if they have the resources they need to put a defense plan in place and combat a cyber attack.

Joe Harmon is the VP of Support & Technology at B&L Information Systems. He may be reached at 269-465-6207 or jharmon@blinfo.com.
B&L Information Systems is an MMA Associate member company and has been a member since 2017. Visit online: www.blinfo.com.
Get More! Protect your company before -- and after -- a cyber attack with resources from MMA. See mimfg.org.