Cyber Risk: Why woodworking businesses should examine their cybersecurity protocols
By Erin Selfe and Tony McFelin

As more businesses shifted operations online during the pandemic, cyber exposures have grown significantly. In fact, according to data from ThoughtLab, cyber incidents increased in 2021 by 15.1%, with a 24.5% increase in material breaches. 

The woodworking industry is also facing increased exposure to cyberattacks. Verizon’s 2022 Data Breach Investigation Report (DBIR) found 2,337 data breach-related incidents reported in the manufacturing industry, which would encompass woodworkers. The report also highlighted how system intrusion and basic web app attacks are on the rise in the manufacturing industry, at levels higher than the average of other industries.

Small and mid-sized businesses in manufacturing facilities, or woodshops to be more specific, can find themselves as cyberattack targets because they often do not have robust cyber plans and protocols in place. 

To properly mitigate cyber exposure, it’s first important to understand the nature of the industry’s attacks today.

What is the risk?
Cyber security Cyberattacks have the potential to cause considerable damage to businesses and consumers at any time. For example, just a month ago in the UK, a company responsible for the water supply of more than 1.5 million people was breached. The cybercriminals were able to access many of the company’s critical interfaces, including one that controls the ultraviolet settings that keep bacteria out of the water supply. 

To combat attacks like these, business leaders are currently in the process of working through challenges related to what we call Industry 4.0. This describes the increased computerized interconnectivity and smart automation we see in manufacturing businesses today, including the Internet of Things (IoT), automated shipping yards, robotics, wearables, and much more. With these new additions to the workplace, we have introduced a whole new array of cyber risks, including:

  1. Supply Chain: As a woodworking business owner, you may rely on a third party to receive your varnish supply or similar. What happens if your vendor is down because of a cyberattack? Can you still produce your product? A cyberattack at any point along the chain can have major consequences.
  2. Utility: Recent years have seen a higher risk of nation-state attacks, where utilities are targeted and shut down. What happens if your business operations are impacted by a lack of water or access to another major utility? This could lead to faulty production, followed by possible insurance claims and litigation. 
  3. Sales and Customer Service: We frequently see denial-of-service attacks, which can be a major problem for woodworking businesses. If a third-party vendor is infiltrated, your business may not be able to purchase its product at the time you need it. 
  4. Process Control: Process control is critical to delivering the right product to customers. Process control systems often involve third-party access and if there’s a vendor attack on that third party, it can derail operations entirely. 
  5. A Lack of Cyber Protocols: Lastly, and perhaps most importantly, your vendors may expect proof of a strong cyber program from your business. Your operations are part of the supply chain and if your business is halted or damaged by a cyberattack, not only will you struggle to meet your client’s needs, but your partner relationships could suffer.  

 

How your company and its supply chain can prepare
In addition to maintaining cyber protocols at your business, it’s important to expect proper cyber mitigation practices from all business partners along the supply chain. 

Beyond the basic security steps, such as changing passwords and two-factor authentication, there are a few more comprehensive recommendations we have to mitigate cyber exposures:

  • Thorough Risk Assessments: We always recommend businesses conduct thorough risk assessments with cyber partners skilled in manufacturing and woodworking. These partners, such as a specialty insurer who knows the wood niche, will understand the typical risks that could plague their business.
  • Build a Backup and Business Continuity Plan: In the event cyber threats do infiltrate your supply chain, do you have secondary suppliers, supplementary materials and a list of trucking carriers you could rely on? Build out a continuity plan so your business will be able to operate in the event of a setback.
  • Hold Security Training: Train staff on security awareness and best practices. There are several resources easily available, including www.cisa.gov/stopransomware and Shields Up | CISA, which offers comprehensive details on safety best practices for small and large businesses.
  • Check Your Access Control Management: Make sure your process control systems are up to date. We have seen businesses that don’t realize their systems are running on a 1980’s server and when they suddenly lose access, no one has the password for the systems that control every cut of their moldings. For example, let’s say a woodshop has been manufacturing a product using machinery that precisely manufactured that product at a certain set of dimensions. If they can no longer access the machine, the business would have to work manually to produce the product. Not only would employees struggle to produce the product as quickly and with the same precision as the machine that the business has heavily relied on for so long, but they also may not have enough team members on staff to do the job.
  • Develop USB Device Management Protocol: We have heard plenty of stories about manufacturing plants where people have been able to siphon off major company logins by just walking in and using a USB drive. We highly recommend businesses block USB access so if someone walks in, they can’t access significant company data.

As cyber threats continue to rise across the manufacturing sector and in our industry, employing proper cyber mitigation practices and requiring the use of cyber safety protocols from your business partners is essential. Taking the time now to establish proper cyber protocol can protect your business and provide critical support to the businesses you work with. 

About the authors: Erin Selfe, Vice President, Information Technology, Pennsylvania Lumbermens Mutual Insurance Company and Tony McFelin, Managing Consultant, BTB Security

 

Have something to say? Share your thoughts with us in the comments below.