GLTAAC is part of the Economic Growth Institute, which also houses the Defense Cybersecurity Assurance Program. This blog entry, written by DCAP’s Ashlee Breitner, explores cybersecurity issues that even a small manufacturer faces.(More on DCAP below – including information about their free seminars). 

Ten years ago cybersecurity used to be what most thought was a just buzzword, but in today’s world with ransomware, phishing and viruses hitting all industries, it’s not something to be taken lightly.

You might think, “I’m just a machine shop”, why would anyone ever want to cyber attack my company?”  Consider this case: In 2019, in a small rural city in Michigan, ransomware infiltrated and held hostage the systems of every company within one small industrial park, demanding $25,000 from each. The attacker did not care if it was an equipment dealer, a fabricator, a media company or a bank. The only company that survived this attack without having to pay the ransom was a small defense contractor that had just made an investment to assess and secure its cyber and physical security. This investment, with DCAP grant funding support, cost the company under $5,000.  That means the company saved over $20,000 from just that single attack.

 

When thinking about your cybersecurity risk, ask yourself these questions:

1.  Have you conducted a cybersecurity assessment of your business? If yes, do you have a written company cyber incident response plan?

  • If no, what would you do if you were attacked? Do you know where to start?

2.  Have you ever had a cyber breach?

  • If no, how do you know?

3.  Has your staff undergone security awareness training?

  • If yes, how often are they retrained?
  • If no, would they know what to do if there was an attack? Even more importantly, do they know how to avoid attacks?

4.  Are any of your products potentially used in the defense industry?

  • If yes, did you know there is a new mandate in 2020 for all companies in the defense supply chain, regardless of their type of business, to be certified to the Cybersecurity Maturity Model Certification Program created by the DoD?
If you’re ready to prepare for a possible attack, where do you start?

 

1. Assess Your Risks

There are many free resources available to help you conduct a self-assessment of the risks to your company. The US SBA office references a series of vetted assessment tools to get you started. Check out the Small Business Cybersecurity information at this link.

2. Address Your Risks

This is where most companies fall short and become vulnerable. Starting with your highest risk first, define a plan of how and when you will tackle it and each subsequent risk. This honestly is where a trusted outside consultant can be of most help. They will help keep you on track as you implement your action plan. Otherwise life…business…and everything else, will always take priority.

3. Continuously Monitor

Just setting a plan and working toward resolving your risks is not enough. Risk is an ever changing factor and it is important to set a regular frequency to re-evaluate your risks.

Where can small manufacturers get help?
  •  GLTAAC clients can receive matching funds for cybersecurity preparedness projects. To learn more about the TAAF program eligibility, contact GLTAAC today.
  • If your firm is in Michigan, Indiana, or Ohio, Ashlee’s DCAP team can help in several ways:
    • Grant funding and guidance: Smaller manufacturers in Michigan, Indiana, and Ohio that are in the defense supply chain should look in to support and funding via the Defense Cybersecurity Assurance Program (DCAP).
      • Learn more about eligibility by visiting the DCAP web page, or contacting the team at umegi-dcap@umich.edu.

Contact us now

Learn how GLTAAC can help your business become more competitive

gltaac@umich.edu