Phishing attacks are ruining manufacturing – and it might be your fault

0
647

IBM recently released its X-Force Threat Intelligence Index for 2024. The report concludes that, for the third straight year, manufacturing is the unfortunate recipient of more cyberattacks than any other industry. There is a massive confluence of factors that makes manufacturing inherently more susceptible to disruptive cyber activity, such as the supply chain. In addition to highlighting physical susceptibilities, the report gives the following eye-watering numbers:

71%: Year-over-year increase in cyberattacks that used stolen or compromised credentials.

32%: Share of cyberattacks involved data theft and leakage, an indicator of data selling.

Neither of those data points is overwhelmingly tied to servers being attacked or to large-scale attacks. For the most part, it indicates things such as phishing attacks and similar tactics. In many instances, it only takes one person clicking, one person’s compromised password, or one person’s misguided transaction to get into a company’s important data. Luckily, phishing is also one of the easiest types of cybersecurity to strengthen, as being aware is the best tool to stop such attacks.

It is likely that training has already covered many of the following tips, but humans are complacent and forgetful, so they bear repeating:

  • Do not share log-in information with coworkers.
  • Do not use the same password across multiple platforms and make sure to substantially change passwords regularly.
  • Do not open links or attachments you are not expecting; even then, be wary.
  • Check the email address of any suspicious email and verify it is correct or valid before interacting with it.
  • If an email tries to put pressure on by making a request or demand that is time-sensitive, doublecheck the request with the person making it or the IT department in person.
  • When a phishing attempt is identified, notify the IT department without forwarding the email; screenshots are best. Wait until after IT is aware of the attempt to quarantine the email.
  • Do not try to hide an attack if it has been successful. Report it immediately.

The old adage of “it is better to ask for forgiveness than permission” is null here; however, “an ounce of prevention is worth a pound of cure” is entirely applicable. When it comes to phishing attacks, scrutiny and caution are the best defense. Any real time-sensitive request that is delayed by a few minutes to keep a company’s security and data intact is always worth the extra time it took to verify the company isn’t compromised.

There are a few other options worth considering as well but will likely have to be implemented from the top down. Perhaps the easiest are multi-factor authentication and email filtration. The first is likely familiar: when logging into a website, service, or application, the login will prompt a randomly generated code that was sent to a verified email address or phone number to be entered. While this can certainly be annoying and tedious, it is invaluable from a security standpoint, as it adds another layer of obfuscation for would-be attackers. Similarly, updating a company’s email program with advanced filters to keep out phishing attacks is incredibly effective.

For those interested in learning more about the topic from a 20-year industry veteran, AGMA’s Emerging Technology department recently hosted James McQuiggan, security awareness advocate at KnowBe4, for a webinar discussing how manufacturers can reduce the risk of being hacked. It can be viewed on demand for no cost at www.agma.org/events-education/on-demand-webinars.

Upcoming Event

2024 Fall Technical Meeting

October 7-9 | Rosemont, Illinois

Each year, authors selected by AGMA write technical papers on topics relevant to the gear industry. These may include subject matter related to: design and analysis; manufacturing and quality; materials, metallurgy, and heat treatment; operation, maintenance, and efficiency; and gear failure. The papers go through a double-blind peer review process in order to ensure the efficacy of the research. The authors present the results of their work at the FTM to an audience of knowledgeable international engineering professionals. During a Q&A period at the end of each session, authors and attendees are able to exchange their ideas. Full registration includes PDF copies of all 2024 FTM papers.

To register, go to: www.agma.org/event/2024-fall-technical-meeting-ftm.

Upcoming education

Operator Precision Gear Grinding

July 24-25 | Live Online Course

Explore precision gear-grinding processes, machine input variables, kinematics, machine alignment, setup errors, pitfalls, common gear fatigue failures, and expectations related to finish ground gearing. Learn definitions of gearing component features, application loads, and process steps from blanking through heat treatment to finished part ready to ship. Study aspects of quality assurance, inspection documentation, and corrective actions for measured non-conformances. Understand pre-heat treat, heat-treatment distortion, and post-heat-treatment operations including the hows and whys to produce finished gears that conform and perform to end-user expectations. Calculate gear-form-grinding cycle times for real-life examples for various accuracy levels on commercially available software.

Reverse Engineering

August 14-15 | Live Online

Reverse engineering a gear system is a not too unusual task and in many, but not all, cases the process goes fairly well, thus it is easy to become complacent. It is important, however, to fully understand the process and the best practice procedure for reverse engineering a gear system. Failure to fully follow best practices can result, at best, in an unhappy gear user, but, in the worst case, it can lead to very expensive, time consuming, and reputation-damaging litigation. In this course, the basic types of reverse engineering projects will be discussed (e.g. upgrading an existing system to increase power or extend operating life or improve noise level; replacing a gear that has reached the end of its otherwise successful life; emergency, short term, interim gear replacement resulting from an unexpected failure; responding to a system that is not providing acceptable performance; etc.).

Basic Gear Inspection for Operators

August 14-15 | Chicago, Illinois

This course will provide a solid foundation for anyone going into gear inspection. Learn the common, current, and basics of the tools and techniques used to measure and inspect gears. Understand the four main categories by which a gear is evaluated and classified. Gain proficiency in understanding gear quality by learning the numerical scale on which gear design, manufacture, and inspection are based and more.

For a full list of the 2024 courses, please visit: agma.org/events-education/upcoming-courses/.

Calendar of events

July 15 — Accuracy & Nomenclature Committee — Webex

July 24-25 — Operator Precision Gear Grinding — Live Online Course

July 29-30 — Technical Division Executive Committee — Webex

July 30 – August 1 — Bevel Gear Systems Design – Week 1 — Live Online Course

August 6-8 — Bevel Gear Systems Design – Week 2 — Live Online Course

August 6-8 — Gear Heat Treatment Operator and Operations — Cleveland, Ohio

August 12-13 — Operator Hobbing and Shaper Cutting — Chicago, Illinois

August 13 — Powder Metallurgy Committee — Webex

August 14-15 — Basic Gear Inspection for Operators — Chicago, Illinois

August 14-15 — Reverse Engineering — Live Online Course

September 10 — Design Basics for Spur & Helical Gears — Live Online Course

September 16-20 — Basic Training for Gear Manufacturing — Chicago, Illinois