ILMA Compoundings – March 2019 - 24

lengthened the incident by hours. The client didn't have a
list of whom to call if a cybersecurity incident was suspected,
which made the phone number of the cybersecurity adviser
the only number anyone thought to use. What if he had been
unavailable when this took place?
In a nutshell, the company didn't have its act together, and
it showed. After an incident occurs, your company will be
judged on the following criteria:
1. Before the incident, did your company take all actions
to prevent the incident that one would expect of a
prudent organization?
2. Did your company respond to the incident using
procedures that one would expect of a prudent
organization?
3. Are there any ways that the media could portray
your actions around steps 1 and 2 to make your
company appear to be culpable or incompetent? If so,
expect that they will. It attracts more readers to their
publications.
A robust playbook that includes the CEO, chief legal
counsel and all other senior leaders will do immeasurable
good in your ability to respond to an incident. An incident
response playbook needs several key elements to be effective.

It must:
* Identify who in your organization has the authority to
declare a cybersecurity incident. Who can initiate the
playbook?
* Spell out how much money that person can authorize
to be spent to have an incident investigated or
remediated.
* List the the types of scenarios that the playbook
is designed to cover. Examples include the loss of
sensitive data, a ransomware attack, the loss of a
critical system, natural disasters, law enforcement
contacting your organization about a warrant or
subpoena, and the loss of the use of one or more of
your sites because of a natural disaster or other issues
(such as a crime taking place in the building and the
police barring employees from entering the premises).
* Have a call tree that includes which people or groups
to call when an incident takes place.
* Define the people or groups responsible for making
the decision on when to bring in law enforcement.
* List the people authorized to speak to the media about
a cybersecurity incident and what those who are not
authorized to speak to the media should say if they are
approached by a reporter.

Manufacturing Continues to Be a Target of Cyber Criminals

ccording to the 2018 NTT Security report,
cyberattacks are down for manufacturers in the
Americas, but manufacturing remains one of
the top five attacked industry sectors worldwide. With
the average cost of a cyber data breach at $7.5 million,
according to the U.S. Securities and Exchange Commission,
the news is not good for those companies targeted.
Insurance firm Chubb reports that half of the
manufacturing losses in 2018 resulted from phishing
attacks - in which an attacker poses as a trusted source to
convince someone it's safe to open an email, instant message
or text message - indicating that people working in
manufacturing are susceptible to this type of cybercriminal.
A few of the more high-profile malware attacks
targeting manufacturing recently occurred at the Taiwan
Semiconductor Manufacturing Co., Merck and Mondelez

MARCH 2019

| COMPOUNDINGS | ILMA.ORG

International (the maker of treats such as Oreos, Chips
Ahoy cookies and Cadbury Creme Eggs).
Taiwan Semiconductor made the news when a thirdparty vendor shipped software that was infected with the
WannaCry ransomware to the chipmaker without prescreening it. An engineer at Taiwan Semiconductor then
installed the software without scanning it, and, once on the
company's operating system, the virus spread.
The New York Times reported that in 2017, both
Mondelez and Merck suffered significant losses from the
NotPetya attack. In its annual report for 2017 filed with the
U.S. Securities and Exchange Commission (SEC), Mondelez
stated that the "malware affected a significant portion of
our global sales, distribution and financial networks." The
net revenue loss, the company said, was less than 1 percent
of the company's global net revenues, which amounted to

http://www.ILMA.ORG

ILMA Compoundings – March 2019

Table of Contents for the Digital Edition of ILMA Compoundings – March 2019