Clark Hill 2022 Automotive & Manufacturing Industry Outlook: Cybersecurity

2021 was a game-changing year in cybersecurity. There were many high profile vulnerabilities and data breaches, and responses from the government and private sector. A few examples include Accellion, SolarWinds, Microsoft Exchange, Kaseya, Colonial Pipeline, and JBS Meat, the May 2021 Executive Order, and Log4j which has been described as the most serious vulnerability in decades. As we move into 2022, it is an advantageous time for businesses and organizations of all sizes to review their cybersecurity postures considering these events and the resulting lessons learned. For those that have established cybersecurity programs, it is time to review and update them. For those that do not, it is time start the process and follow through to implement a comprehensive cybersecurity program.  

Cybersecurity Programs  

Businesses of all kinds and sizes should have a comprehensive cybersecurity program, appropriately scaled to its size and the sensitivity of the information. A program should include an inventory of information assets and data to determine what needs to be protected, a risk assessment to identify anticipated threats to the information assets, and development, implementation, and maintenance of a comprehensive cybersecurity program to manage the identified risks. Programs should be updated to address current threats and evolving safeguards and security best practices. Periodic training of all users of technology is essential. A cybersecurity program should include an incident response plan. This is particularly important considering current consideration of mandatory reporting to government agencies with reporting deadlines as short as 24 hours or 72 hours.  

Current Threats  

Cyber threats present a continuing and growing challenge to businesses and organizations of all kinds and sizes. Three of today’s greatest threats are phishing, ransomware, and Business Email Compromise (BEC). Constant awareness of these threats by all users and implementation of basic cybersecurity safeguards are important steps to help to defend against them.   

Phishing uses fraudulent (spoofed) emails for criminal purposes, like installing malware, stealing money, and obtaining information such as login credentials, bank account information, personal information, and confidential business information.   

Ransomware is a type of malware that encrypts a victim’s data. Attackers then demand payment, usually in cryptocurrency, for the victim to get the decryption key and restore access to the data. Ransomware attackers also frequently exfiltrate (steal) a victim’s information and demand payment for not disclosing or selling the information.  

Business Email Compromise (BEC) is a growing cybercrime epidemic, with staggering losses to businesses and organizations of all sizes. BEC is a scheme in which an attacker uses fraudulent email to impersonate an executive, attorney, business contact, or other person to get a transfer of funds, money, or sensitive information.  

The May 2021 Executive Order  

Following high profile data breaches in 2020 and early 2021 that impacted federal and state agencies and the private sector, President Biden signed Executive Order 14028, “Improving the Nation’s Cybersecurity,” on May 12th, 2021. It is intended to modernize cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthen the United States’ ability to respond to cyber incidents. Its requirements are mandatory for covered federal agencies and government contractors and recommended for the private sector. Recommendations for the private sector, like breach notification, may become mandates through laws and regulations.  

The Executive Order includes five basic security measures: (1) backup data, system images, and configurations and test backups, (2) update and patch systems promptly, (3) test the incident response plan, (4) check security through third-party review, like penetration testing, and (5) segment networks. It also covers additional safeguards, including logging, multi-factor authentication, extended detection, and response (advanced security tools), use of secure cloud services, and zero trust architecture (an enhanced approach to authentication and authorization).   

The Cybersecurity and Infrastructure Security Agency (CISA)  

CISA, part of the Department of Homeland Security, has been taking an increasing role, with increasing resources, to safeguard federal civilian agencies and companies in critical infrastructures. It was very active during 2021 in aiding, guiding, preventing, and responding to vulnerabilities and data breaches.  

 For example, in July 2021, CISA launched StopRansomware, an interagency website to provide a one-stop location for resources to prevent and respond to ransomware. In November 2021, CISA published the Cybersecurity Incident & Vulnerability Response Playbooks in accordance with the Executive Order. While they are required for covered agencies and government contractors, the playbooks and the activities to implement them are also helpful to the private sector. They are likely to be viewed as best practices and may become requirements for companies in critical infrastructure sectors.  

For immediate assistance regarding a security incident, contact our 24/7 Breach Hotline at 877.912.9470. For assistance with cybersecurity programs and other cybersecurity issues, contact a member of Clark Hill’s Cybersecurity, Data Protection, and Privacy Group.