Suspicious Minds: Non-Technical Signs Your Business Might Have Been Hacked

Credit: iStock/Omar Osman

I grew up in the outer suburbs of New York City. My dad commuted to the city for work, as did most of our neighbors, but as kids we rarely went into the city. An occasional field trip to a museum, seeing the tree in Rockefeller Center, or a family outing to a ballgame had been the extent of my urban experience. One year for Christmas, my sister, my cousin and I received tickets to see the Broadway show “Grease.” For the first time, we would be allowed to travel on the train and see the show without our parents.

A whole day in New York without supervision! For young teenagers, it was a thrilling prospect, but we received strict orders to “keep our eyes open and trust no one.” We had a wonderful time, besides a minor mishap figuring out where to catch the train to come home (my cousin insisted the same train would be waiting for us on the same track – he was wrong), it was the first of many adventures in NYC.

The most memorable thing for me was learning that observing your environment is an important part of staying safe.

That lesson learned years ago is also important in cybersecurity. Even if your employees have no technical understanding of information technology, they can help identify signs that your business may have been hacked.

Know the Signs

Contracts your company used to receive on a regular basis are now going to a competitor. A new competitor suddenly bursts onto the scene making a very difficult-to-manufacture part that resembles your product. Company monthly energy usage is increasing but you haven’t increased production hours. You haven’t received payment from a customer who always pays invoices within 60 days.

Each of these scenarios is a possible sign that your manufacturing business might have been hacked. Often the first detection of a cyber hack is an employee noticing that something isn’t quite right. This could be their system running unusually slow or a change in their password or other credentials that they did not make.

Small and medium-sized manufacturers (SMMs) are prime targets for cyber-attacks, according to the U.S. Department of Homeland Security, because many do not have adequate preventive measures in place. Manufacturing is the second most targeted industry. According to Accenture, only 14 percent of small businesses are prepared to defend themselves against cyber threats.

Traditional Cyber Threats and Tactics

Cyber criminals often use ransomware tactics to shut down manufacturing operations or to alter production processes so that faulty products are manufactured. Honda recently was forced to temporarily shut down global operations due to a ransomware attack at its headquarters. GPS giant Garmin recently had its operations suspended for almost a week, and multiple sources reported it faced a $10 million ransomware attack.

That said, many successful cyber-attacks against small manufacturers are not this visible or dramatic. These attacks play out in a long, slow process, managing to avoid detection. For example, evidence of a cyber-attack that infiltrated your sensitive contract information or intellectual property (IP) may not emerge for months or even years. Likewise, you may not notice when someone steals information from your customer database.

If You Can’t Explain a Change in Dynamics, It Might Be Cyber Related

You don’t need an IT background to keep checks on cybersecurity threats. A good rule of thumb is for employees to report any noticeable changes or anomalies in operations. For example, a decrease in production quality could arise from compromised industrial control systems.

If you suddenly have a harder time winning or retaining contracts, someone might have hacked into your financial system and figured out how to underbid you. IP theft could result in a new competitor making an identical product, or thieves might be going after an operational plan for a part or component.

Energy and data usage fluctuations also have been linked to cybercrimes. A large increase in your energy cost could indicate malicious activity. Fluctuation in data usage may indicate that someone is taking over your computer network during overnight hours for crypto mining, which requires excessive processing power. You can “lend” your computer’s processing power to a crypto mining service for revenue, or an outlaw cyber organization might just take it.

A hacker could change the routing numbers on the account where your customers send payments. A customer unknowingly pays the cyber criminals the money owed to you. If you are not monitoring your accounts closely it may be months before you notice the theft occurring.

The Connected Shop Floor Provides More Portals for Attacks

Manufacturers’ growing dependence on technology and data as drivers of productivity and efficiency puts greater demands on their cybersecurity infrastructure. The more connected your shop floor is with automation, sensors, monitors and control systems, the more vulnerable you are to cyber threats.

The manufacturing technology mix includes IT (including networks and business-side software such as email, finance and ERPs) and OT (operational technology, such as machines and control systems). SMMs traditionally have been challenged by how to manage cybersecurity concerns for a variety of reasons:

• Cybersecurity competes with many other areas in terms of funding.
• It’s difficult to dedicate specialty resources for in-house cybersecurity staffing.
• Cybersecurity has not been a priority in the acquisition and implementation of OT systems, which means as IT and OT converge, legacy systems become potential liabilities.



Teaching your employees to “keep your eyes open and trust no one” can be an important part of your company’s cybersecurity posture. Understanding that cyber-attacks are often identified by non-technical signs can help your employees be more observant of their environment. Having a suspicious mindset may enable your employees to identify cyber-attacks before significant damage is done.

Last fall my sister and I traveled to New York by train again to see a Broadway show, this time much older and wiser. We met our cousin for dinner, and we recalled our parent’s warnings about staying safe and observing our surroundings. Their trust in us to make that first independent trip into NYC gave us confidence to recognize risks and respond to them appropriately. Your employees can help to identify non-technical signs of cyber hacks if they are aware of their IT and OT environments and understand potential cyber risks.

Contact Your Local MEP Center For Expert Cybersecurity Advice

Cybersecurity experts working in the manufacturing sector see education as a key to SMM adoption, and more SMMs are looking at cyber consultations in the same way they look at seeking expertise in finance or insurance. If you are not sure where to start with cybersecurity for your manufacturing firm, check out this assessment tool based on the National Institute of Standards and Technology’s Cybersecurity Framework. It outlines five steps to reduce cyber risks:

• Identify – Understanding potential cybersecurity risks to an organization, including its systems, people, assets, data, capabilities and networks
• Protect – Developing and implementing safeguards for operations or services
• Detect – Establishing a proper monitoring system to identify either a recent cybersecurity event or one that’s ongoing
• Respond – Having controls available to respond to an attack, including the functionality to block them, as well as regain access to a system
• Recover – Being able to restore impaired or damaged services and content

You also can check out the NIST MEP collection of cybersecurity resources for manufacturers. And an expert at CONNSTEP can provide further, specific guidance on how to address your particular cybersecurity needs.

This article originally appeared on NIST’s Manufacturing Innovation blog and is reprinted with permission=