Crown Equipment’s Cyberattack: Recovery and Lessons Learned

Several weeks ago, Crown Equipment faced a serious cyberattack that disrupted its operations. Employees quickly took to the internet to express their frustration with the company's initial response. Many were told they couldn't work, some were advised to file for unemployment, and they were left seeking answers about when operations would resume. After three weeks of shutdown, Crown Equipment has fully resumed operations across its 24 global manufacturing plants. It took them a few weeks to get back up and running, but they did it.

This attack was reportedly caused by a social engineering tactic where an employee clicked on a phishing email, allowing hackers to install remote access software. This type of attack is all too common. Social engineering, including phishing emails, phone calls, or text messages, often tricks employees into giving hackers access. Many don't believe it can happen to them until it does. This incident highlights the critical need for cybersecurity awareness training for employees.

Crown Equipment has been tight-lipped about the specific data compromised in the attack or how it has been used. They are working closely with federal law enforcement, which might explain their discretion. The investigation is ongoing, and the involvement of law enforcement indicates the seriousness of the situation.

This incident underscores the importance of having a strong human firewall—well-trained employees who can recognize and respond to potential threats. However, this attack also forced Crown to shut down entirely, which is something companies should strive to avoid. Ideally, businesses should be able to contain a cyberattack to a single office, site, or facility rather than shutting down the entire operation.

As a cybersecurity expert, I see a significant issue in how some companies handle their defenses. Some people dismiss the idea of multiple layers of defense as just "band-aids," but our track record shows that these layers are effective. We've managed to avoid being hacked for 20 years because of these defenses. While some might say that boasting about never being hacked puts a target on our back, I'm confident in our systems and encourage anyone to try. Our defenses include multiple layers of security that act as tripwires, alerting us to potential breaches and stopping hackers in their tracks.

An employee should not have the ability to install remote access software without proper authority. Ideally, only IT personnel with the right expertise should have such access. If an IT person was indeed tricked, that’s a significant concern. But it’s more likely that an untrained employee with unnecessary admin access was the point of failure. Proper controls and checks should be in place to prevent unauthorized software installation. Multi-factor authentication and approval processes are crucial.

This attack on Crown Equipment serves as a reminder that cybersecurity is not just about tools but also about policies and training. Companies need to ensure that only authorized personnel can install software and that every installation is reviewed for security risks. Implementing these measures can help prevent similar incidents in the future.
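The install controls described in the two paragraphs above (only authorized personnel install software, every installation is reviewed, remote access tools get extra scrutiny) can be run as an automated check over install records. This is an added example, not code from Crown Equipment or the author; the account names, ticket IDs, event fields and remote-access keyword list are assumptions, and the sample events are constructed.

```python
"""Review software-install events against an install-authorization policy."""
from dataclasses import dataclass
from typing import Optional

# Assumptions for this example (not from the article):
AUTHORIZED_INSTALLERS = {"it-alice", "it-bob"}   # hypothetical IT accounts
REMOTE_ACCESS_KEYWORDS = ("anydesk", "teamviewer", "screenconnect", "vnc")

@dataclass(frozen=True)
class InstallEvent:
    host: str
    user: str
    product: str
    user_is_local_admin: bool
    approved_ticket: Optional[str] = None   # approval reference, if any

def review(event: InstallEvent) -> list:
    """Return the policy findings for one install event (empty list = clean)."""
    findings = []
    is_remote_tool = any(k in event.product.lower() for k in REMOTE_ACCESS_KEYWORDS)
    authorized = event.user in AUTHORIZED_INSTALLERS
    if not authorized:
        findings.append("installer-not-authorized")
        if event.user_is_local_admin:
            # A non-IT account was able to install software with admin rights.
            findings.append("unnecessary-admin-rights")
    if event.approved_ticket is None:
        findings.append("no-approval-record")
    if is_remote_tool and (not authorized or event.approved_ticket is None):
        findings.append("unapproved-remote-access-tool")
    return findings

def triage(events):
    """Return (event, findings) for flagged events, remote-access hits first."""
    flagged = [(e, review(e)) for e in events]
    flagged = [(e, f) for e, f in flagged if f]
    flagged.sort(key=lambda ef: "unapproved-remote-access-tool" not in ef[1])
    return flagged

# Constructed sample events, not real data.
SAMPLE_EVENTS = [
    InstallEvent("ws-101", "it-alice", "7-Zip", True, "CHG-0001"),
    InstallEvent("ws-207", "jdoe", "PDF Reader", True, None),
    InstallEvent("ws-314", "msmith", "AnyDesk", True, None),
    InstallEvent("ws-118", "it-bob", "TeamViewer Host", True, None),
]

if __name__ == "__main__":
    for event, findings in triage(SAMPLE_EVENTS):
        print(f"{event.host} {event.user} {event.product!r}: {', '.join(findings)}")
```

Even an authorized IT account is flagged when it installs a remote access tool without an approval record, which covers the case where an IT person is the one who was tricked.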

Are you unsure where to start with your organization's cybersecurity? Get started by getting a cybersecurity risk assessment.