SolarWinds hack calls for stronger cybersecurity measures in Canadian manufacturing

Back in December, FireEye revealed a significant data breach effecting a number of industries and organizations. The SolarWinds hack was a cyber attack perpetrated by various hackers to access crucial data and information through a software update laden with malware.

Over 18,000 of SolarWinds’ 33,000 clients were compromised by the cyber attack. The hackers gained access to the data through a weaponized software update, which was a masquerade to install malware that could sift through personal data.

A recent phishing simulation was sent out to organizations in a variety of industries by Terranova Security, a cybersecurity training and awareness group, to ascertain companies’ abilities to defend against a cyber attack.

Phishing has been described as the fraudulent practice of sending emails purporting to be from reputable sources to induce an individual to reveal personal or private information. A global study tested manufacturing executives and employees on their abilities to detect a phishing scam.

The Phishing Benchmark Global Report by Terranova Security found that 22 per cent of employees in the manufacturing industry would fall victim to a phishing email and click on the included malicious link, and a further 69 per cent of clickers would go on to provide a hacker with their credentials.

The study was distributed to hundreds of companies globally and showed startling findings in the wake of an increasing number of data breaches at large corporations.

“The complexity of messages have also become much more sophisticated, and scammers and attackers are able to better replicate authentic messages and web sites,” said Theo Zafirakos, CISO at Terranova Security, in a prepared statement.

Zafirakos also provided a number of helpful tips to help protect manufacturing industry employees from cyber-attacks and increase their security.

Zafirakos listed three key tips for industry leaders:

• Take the time to validate any email request, look for the email address and make sure every character is valid and correct
• Verify whether the message itself is asking you to bypass standard processes or procedures
• If you see something suspicious, make sure to report it, so no one else falls to the scam and you can defend the whole organization

Zafirakos also stressed having a proper cybersecurity awareness program in place to defend and educate against data breaches and phishing attacks.

“The pandemic and the nature of a work-from-home environment has increased the number of users working in a virtual environment, and definitely played into the increased number of users submitting their credentials in an unsafe manner,” Zafirakos said. “Scammers are also preying on people’s desperation for a vaccine, and using COVID-19 testing and vaccine promises as part of their scams to secure login credentials.”