Manufacturing Comes to a Halt

Overview

Manufacturing organizations traditionally fall into two categories: extremely large and multi-national or small and focusing on a niche product. In this case study, we are looking at the traditionally under-supported one, the small and niche organization.

Firing on all cylinders, 24/7

A small manufacturing organization CEO engaged FalconOps to perform a penetration test against their extremely small external footprint. He had been increasingly concerned with being hacked due to the many news stories about small companies getting held for ransom.

We love when our clients express what concerns them - in fact, it is one of the pre-assessment questions we ask.Through our partnership, our goal is to put our client's minds at ease by ensuring they gain the greatest possible benefit from our engagement.

I've been increasingly worried about getting hacked

Our team started the assessment on the minimal attack surface that they had exposed, but it rapidly became evident that our assessment would not be a quick one.

Custom does not always mean secure

Our team identified a custom written portal for employees to log into while not at the manufacturing plant. During the manual portion of our testing, we identified a trivial to exploit authentication bug that allowed us to become an admin of the portal. We could see ALL user accounts, client, billing, manufacturing processes, POs, etc. We immediately called the point of contact so that they could take proper steps to secure the platform, before we finished our report.

Our Cybersecurity Suggestions for Manufacturing Organizations

Below are our suggestions for manufacturing organizations to drastically reduce the likelihood of a successful cyber attack.

• Penetration Testing at least once a year for both external and internal systems.
• Multi-Factor Authentication to access network resources and sensitive student information (client & billing portals, manufacturing equipment systems, etc)
• Managed Detection and Response on all systems (we offer this as a service starting at $15 per system, per month, with no minimum system count)
• Phishing & Security Awareness training

While there are plenty of other suggestions, we believe these will give you the biggest "bang-for-your-buck"

Ready to Start? Contact Us!

Our team is composed of former NSA analysts and operators. We have the know-how and will ensure the best price compared to other comparable organizations. Why? Because we care about traditionally under-supported organizations more than our bottom dollar.