Ransomware is trending. From the recent WannaCry to the chronic bane of cyber hackers who can invade systems and lock or annihilate data, manufacturers large and small are at risk of losing access to crucial data and hardware. What is your risk tolerance for these situations? How long can your operation continue without access to your data?
There are steps manufacturers can take to protect themselves from financial catastrophe and operational paralysis if they are hit with a malicious cyber-attack that destroys or encrypts data. One way manufacturers can protect themselves from losing valuable data is by having an effective Data Recovery Plan (DRP). This is key when trying to ensure that your company will survive a disaster or systems crash. There are two important metrics involved in a DRP, which include, RTO and RPO.
Recovery Point Objective (RPO)
Recovery Point Objective focuses on a company’s data loss tolerance. An RPO looks backward and describes the point in time to which data must be restored to successfully resume normal operations. It’s important to determine if data that is lost between the point of disaster and the last successful backup can be ignored or must be re-created and at what cost.
For example, if you’re running a computer-aided manufacturing shop, utilizing a CAD/CAM system while also depending on an ERP system for a variety of transactions and your entire IT system crashed or was hacked, how much data would you lose between now and your last backup?
The amount of time in between the disaster and the last backup (your RPO) represents how much work you’ll lose and how much time it will take you to reconstruct your lost work. If your business can afford to lose 1 week without backing up specific data, then your RPO for that data is 1 week. If you set an RPO of 1 hour, then you’ll need to backup your data at least every hour.
Recovery Time Objective (RTO)
A Recovery Time Objective is the maximum tolerable length of time that you set for the recovery of your IT and business activities including computers, systems, applications or networks after a disaster has occurred. RTO calculates how quickly you need to restore data to meet your business needs.
So what does this mean for your business? Your company’s RTO is the time limit you set to recover and restore your business after a disaster strikes. For instance, if your RTO is 1 day, then your investment to recover your automated systems, servers, networks, etc. will be much higher because you will need to be able to quickly reconstruct all your data as well as replace any computer hardware and software applications within 1 day. However, if your RTO is 3 weeks, then your investment would be much lower because you will have more time to recover after a disaster strikes.
Although RTO and RPO are two different metrics, they should both be taken into consideration to help you develop a solid Data Recovery Plan to help safeguard yourself from possible financial and operational shutdowns. The question only you can answer is, “Can your business function without your IT systems and for how long?”
If a data disaster does strike, you will want to immediately implement your recovery plan. There are three elements most pertinent to cyber: data recovery, technology recovery, and business recovery.
Data recovery entails figuring out what has been destroyed or locked and attempting to restore it. Paying ransom to criminals isn’t a very good option, even if the price is low. The time it takes to figure out how to pay is one drawback. Morally, it’s not a stellar feeling to reward the thieves or hackers. And there’s no guarantee once you pay up you will get full access to your files. Oftentimes, the decryption files don’t work completely or at all. Recovering from a remote, unaffected cloud-based storage service seems to be the best method. These services will work with you to transfer data as quickly as possible.
When signing on for a backup service, talk to the provider about exactly what will be saved and how it will be returned. For example, will your applications be rescued? If not, you will have another enormous headache on your hands to hunt down the providers of apps and download all of them again. These are complex applications that sometimes interface with each other. In terms of restored data files, some providers will replace the files exactly as they were on your systems—organized neatly in folders and by the user just as you had them. Others do a less friendly restore that may get all your emails, documents, records and schedules back onto your computers, but they might all funnel onto one device or they might not be categorized exactly as you had them. This will require substantial man-hours on your end to divvy up and organize things as they should be. There are other backup systems that require actions by your IT team as downloads filter in, and in some cases, multiple copies of the same files can be placed on your computers, creating a duplication nightmare.
It is imperative that you iron out all the nitty gritty details of backups and restoration before signing on with a company. Get your restorations as tailored as possible to your company’s needs to reduce manual labor on your end during the recovery phase.
Technology recovery may well be necessary if your system has been invaded. Devices must be cleaned of any bugs or hack-ware. Hackers who want to shut down manufacturing systems can attack hardware or firmware. Once the cybercrud is inside the hardware or firmware, it can prevent the machine from booting, initializing memory, activating external interfaces or working off of an external drive. Other types of hardware or firmware attacks target the basic input/output system (BIOS) code that is the initial code that runs when a system is turned on.
Corrupted firmware is almost always catastrophic and requires highly specialized security professionals to cleanse and recover it. Manufacturing may become a prime target for this kind of disastrous attack as cyber warfare increases. Most current attacks are about financial gain for the hackers. Firmware and hardware attacks are about shutting down economies, utilities, defensive systems and other national economic and security bulwarks. Talk to a professional cyber protection company that specializes in manufacturing about a vulnerability assessment and taking appropriate measures to protect your computer-controlled machinery. We can provide a referral if you need one.
Business recovery isn’t necessarily a given outcome from data and technology recovery. Customer trust could be lost. Contracts could be ruinously delayed. Partners’ systems could be infected by you, causing losses and shutdowns on their end. And money, oh the money. Without adequate Cyber insurance for the gamut of data and technology losses, recovery fees, investigation and regulatory probes, income losses due to business interruption, and liability for damage done to others because of your tech-protection failures, you could be financially sunk. The upper echelons of management at manufacturing companies need to make cyber priority number one in their strategic defensive platform. RTO, RPO, Prevention, Recovery, and Insurance are the foundations of that platform. You cannot prepare too well or too fast.
About Precision Manufacturing Insurance Services
Precision Manufacturing Insurance Services (PMIS), specialists in insuring manufacturers throughout California, can provide you with both the insurance products, including Cyber Liability coverage, you require and the loss control services you need to help manage your risk. We can also review your entire portfolio and advise you on other areas of business protection. Give us a call at 855.910.5788.