One
As chemical companies become more computer controlled, the dangers of possible cyber attacks have increased. The more computer controlled, the greater chances are of becoming a prime target for those that want to steal, damage, or cause havoc in your company. A cyber attack not only can corrupt and expose company information, it can also affect production. Cyber attacks can leak sensitive data, client information, and the violation of safety and environmental standards. Cyber attacks have been estimated to cost more than a billion dollars annually in just the chemical sector alone (1), with the most common attacks being theft of intellectual property and ransomware.
Combating cyber-attacks is an ongoing process. Specifically for the chemical processing industries, the scale of the problem is immense. Currently, over 3,000 facilities in the United States are considered to be at high-risk for cyber-attacks. With all this protentional risk, it’s important to stay out in front by being proactive. When thinking of protection, all facets need to be covered and it is best practice to have layers of protection. There needs to be an in-depth defense, clear plans, and contingencies. As part of a disaster recovery plan, it is also crucial to practice taking, storing, and regularly testing backups.
Cyber Security Standards for the Chemical Industry
Chemical companies in the United States should be following the Chemical Facility Anti-Terrorism Standards (CFATS), which have been developed over the past decade. According to the Government Accountability Office (GAO), many in the chemical industry in the US lack proper preparedness in the event of a cyberattack. The Department of Homeland Security (DHS) has created a program specifically for the chemical industry. DHS also cites the high risk of cyberattacks and potential for national security issues. Working with the Chemical Sector Coordinating Council and other agencies, DHS has developed a framework to help protect our industry from potential cyber threats. Their webpage provides additional information and self-assessment options, as well as resources to help with risk assessment, next steps, preparedness, and training. The framework overview can be found here.
How to Keep Your Business Protected from Cyber Attacks
Businesses need multiple layers of security, with physical and electronic security measures working in tandem to keep data and resources safe. A security assessment with a reputable IT company is a good place to start, focusing on protective software and data backups. The need for physical security also cannot be overstated. Locked doors, security protocols, fences, and security cameras are additional ways to help keep your business protected. Cybersecurity insurance may also be a valuable investment, adding another layer of protection for your business, should deterrents and other measures fail.
Protection from cyber attacks can appear to be overwhelming, but simple steps can be taken daily to stay protected. One of the easiest but most important actions is training. Staff training and education on the risks that cyber threats pose can make a huge impact. In regard to emails; never open suspicious emails or emails from unknown senders. Look at the attached files you are receiving and do not click on suspicious web links. Only use remote connection software and approved computers for the connection and be leery of connecting to unknown wireless networks. Another quick tip, always ensure that the security software installed is working correctly. If there is any malware, ransomware, or notice of security risks, speak up to let someone in the company know. As cyber attacks have increased, be sure that your company stays protected.