5 ways to secure your metals business from cyberthreats

Tony Barnes, Michael J. Del Giudice
11/12/2021

In our 10th annual technology in metals survey, cybersecurity stands out as the number one tech concern named by metals executives – and for good reason.

Cyberattackers are improving their technology and tactics, and they are actively targeting businesses – with an increasing number of attacks.

The frequency and costs of cyberattacks on businesses are worrying. The average cost of remediating ransomware attacks is $1.85 million – more than twice the amount in 2020, according to the Sophos “State of Ransomware 2021” report.¹

Figures like this can feel terrifying, but they don’t have to be.

Most businesses can manage the threat and take proactive steps to prepare for an attack in a cost-effective and sustainable way.

Here are five tips to help you build your business securely to sustain growth into the next decade:

1. Maximize cloud-based solutions.

Cloud-based solutions allow you to tap into built-in security expertise to take advantage of system features that internal personnel might not have the capability to implement. Many ERP system providers offer built-in security solutions backed by a team of cloud-based professionals.

With increased trends toward a remote workforce, using secure, cloud-based options can provide greater confidence for growing and evolving metals businesses.


2. Focus on confidentiality.

It can be hard to know where to begin when dealing with the many security risks that exist. Start by focusing on confidentiality: understand what data is most sensitive and critical to the organization, and identify who has access to that information.

Too many attacks are escalated because users are authorized to access critical data they probably should not have access to in the first place. Think about employee data, customer data, and proprietary information that needs to remain confidential. Allow access only to those people who absolutely need it.

3. Create a realistic cybersecurity plan.


High-profile ransomware attacks have left organizations everywhere nervous. However, proactive steps can reduce the likelihood of an attack, so it’s important to face reality and put a response plan in place for when a cyberattack might happen.

Keep in mind there is no silver bullet approach. Instead, make these essential steps part of the plan:

  • Training. So much ransomware comes in through emails to employees, so it’s essential to train them as a first line of defense.
  • Backup. Make sure you have an offline copy of your data and programs that you can get to in the event of system downtime caused by a breach.
  • Access. Provide access only to those who need to know. Many organizations give employees administrator authorization as the default, but that can open the door to a cyberattacker.
  • Authentication. Multifactor authentication has long been a standard part of cybersecurity strategies, but now this functionality is implemented much earlier in cybersecurity planning. With some platforms, multifactor authentication might be included as part of existing licensing.

4. Balance in-house with external cybersecurity resources.

Accessing cybersecurity resources and skilled talent during a shortage can be incredibly challenging and frustrating.

Hiring third-party cybersecurity support can be a great way to complement the team without breaking the bank.

An effective cybersecurity firm can help monitor systems around the clock and help respond should something happen. Working with an external team also can establish consistency and continuity in planning when members of the security team leave the organization.

5. Invest in cybersecurity insurance.


Unfortunately, the reality is it’s no longer a question of if an attack will occur but rather when it will happen. For this reason, a robust cybersecurity plan includes managing the monetary impact an attack will have on a metals business, and that’s why cybersecurity insurance can be critical. Two types of cybersecurity insurance should be considered:

  • Cybersecurity coverage. This type of coverage can help with replacement costs that result from ransomware attacks.
  • Fraud coverage. One common attack scenario is when a fraudster pretends to be someone in the organization, like a CFO, requesting funds be sent outside the organization, such as to a new vendor. Fraud coverage can help mitigate losses if funds cannot be recovered.

Insurance premiums are rising, so it’s important to understand what the insurance covers and does not cover – and determine how it fits into a broader risk management strategy for the metals business.

¹ “Ransomware Recovery Cost Reaches Nearly $2 Million, More Than Doubling in a Year, Sophos Survey Shows,” Sophos news release, April 27, 2021, https://www.sophos.com/en-us/press-office/press-releases/2021/04/ransomware-recovery-cost-reaches-nearly-dollar-2-million-more-than-doubling-in-a-year.aspx

Watch our cybersecurity webinar for metals businesses or reach out to us today, and let us help you grow securely.


Navigating cybersecurity can be challenging for metals businesses, but we’ve combined our industry expertise and our specialization in technology to help guide you.
Tony Barnes
Managing Principal, Metals
Michael J. Del Giudice
Principal, Consulting