Overcoming Cyber Security Threats in Manufacturing

Manufacturing is becoming more and more technology led; the benefits and advantages brought by tech are too dynamic and effective to be ignored. The Fourth Industrial Revolution, 4IR, or Industry 4.0, is bringing rapid changes to technology processes through increased interconnectivity and smart automation including AI. But with all this technical innovation are you aware of the many cyber security threats that could devastate your manufacturing business?

Is your manufacturing business ensuring effective data management and implementing effective cyber security solutions?

Do you have written and tested cyber security procedures to ensure that should your business become a target, your data, teams and systems are safe?

Are you and your staff, trained and fully prepared to counter any cyber-attacks, threats or vulnerabilities that your tech could fall foul of? Have you tested your cyber security provisions?

In May this year, MAKE UK: The Manufacturers Organisation published a report entitled Cyber Resilience – The Last Line of Defence. In it, they presented the most recent figures for manufacturing business cyber-attacks:

• Just under 50% of manufactures have been the victim of cyber-crime in the last 12 months. Of those companies, 63% said it cost them up to £5,000, while almost a quarter (22%) revealed a cost of their business of between £5,000 - £25,000.
• 1 in 8 manufacturers agrees cyber-attacks are deterring them from digital adoption.*

Are you reticent to embrace digital solutions for fear of cybercrime? And if you are already embracing digital services and solutions, do you trust that if your manufacturing business was a victim of a cyber attack, it could recover?

What are the main cyber threats for manufacturers?

Manufactures can be compromised by many different threat vectors, these include:  

1) Phishing

Phishing is very common, it’s where a bad-actor/cybercriminal pretends to be a respected figure, colleague or CEO and, using social engineering, is able to convince the victim that they are someone else, in order to obtain sensitive data or information. The information they’d be hoping to get would be PII data - Personally Identifiable Information, financial information, or credentials.

These actors are incredibly convincing, and the damage from an attack could be catastrophic to your business and reputation.

2) Supply Chain attacks

Supply Chain attacks are an emerging threat targeting software developers and suppliers. Attackers search for unprotected server infrastructures, unsafe coding practices and unsecure network protocols. Once discovered, these attackers break in, add hidden malware in Build and Update processes, and change source codes.

As the software is from your partners and merchants, it’s automatically trusted and unfortunately the vendor will be unaware that their software is delivering cyber criminals access to your data and systems via hidden malware.

3) IoT attacks

In the case of IoT attacks – the Internet of Things - Cyber criminals attack physical objects that are embedded with sensors, processing ability, software or videos that connect and exchange data over the internet or other communications networks.

These physical devices include surveillance, monitoring systems, digital control systems, security cameras and systems, Amazon Echo, Alexa and Google Home.

4) DDos attacks

A DDos attack is a Distributed Denial of Service attack, it’s an attempt to brute-force a server to slow down or crash. It’s delivered via networks of internet connected machines and is a powerful way to overload a system, rendering the company disabled.

These attacks can last anywhere from hours to weeks. The resulting loss to the company targeted can be catastrophic.

5) Ransomware

A cyber threat undertaken to extort money, generally by blocking access to a computer system and demanding a ‘ransom’ is paid to require access.

These attacks can target a single user, a collective or even an entire business.

6) Insider Threats

Employees, business partners, contractors even vendors, all have the potential to damage your business and steal, compromise or leak important, sensitive, and private information

They’re categorised into two types:

The Malicious insider - An employee or contract who knowingly takes valuable information, IP, PII or financial information etc.

The Negligent Insider – an employee or contractor who falls foul to a phishing scam, accidentally deletes information, loses their laptop, or emails sensitive information to the wrong person.

Every business could be the target of Insider Threats.

How to better protect your manufacturing business

Firstly, asses the risks to your organisation. Once defined, ensure systems and procedures are in place to mitigate your risk of a breach to your cyber security.

• Invest in cyber security training, test and train your staff regularly.
• Implement anti-malware defences by way of policies and training, ensure your networking security with access controls and filter unauthorised access.
• Set up a Risk Management policy and enforce it.
• Define a policy for all changeable or external media and limit their use, if possible, ban their use, and utilise Cloud services rather than USB’s or external hard drives.
• Create a policy to ensure the configuration of all systems is defined and maintained, and that patches and updates are either automatic or effectively managed.
• Manage user privileges and access, monitor user activity.
• Create a remote working policy, ensure you’ve addressed the security of hardware and software.
• An incident management and disaster recovery policy should be created and put in place. Train your teams how to react in such an incident and test them regularly.

The bottom line

Chat to our expert team today and find out how you can best protect your business from the ever-evolving cyber landscape.

It’s in your best interests to be prepared, to train your staff, and to test your systems and your backups. In the words of Benjamin Franklin: “By failing to prepare, you are preparing to fail.”

If you need some advice or assistance to better protect your manufacturing business from cyber security threats, feel free to get in touch. The team at Onyx IT are well versed in cyber security, and we already manage the cyber security and IT requirements of many local manufactures. It’s one of our main specialised verticals, so you can be sure we’ve got the knowledge to secure your business.