Is cybersecurity an issue for manufacturing?

We often think it’s only the finance sector that has a real reason to worry about cyber-related crime. However, manufacturing is fast becoming a significant target for cyber-criminals. In a recent survey of manufacturers conducted by AIG, 48{2dfa1182ec7ee05805b813a9bdf2250092cde9d7c1f61c8843435a2d9f70cb53} said that they have at some time been subject to a cyber-security incident.

One such example is when hackers struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in significant damage. David Emm, principal security researcher, Kaspersky Lab, said: “The world isn’t ready for cyber-attacks against critical infrastructure, but attackers are clearly ready and able to launch attacks on these facilities – as this trend towards attacks on the manufacturing sector shows.

Lack of measures in place for cyber attacks

With this increasing and alarming trend, manufacturers need to be quick to ensure their systems are secure and able to withstand potential threats. So what is hindering the manufacturing industry in keeping these infiltrations at bay? Lack of proper security measures seem to be the number one cause of increased attacks. The report revealed that only 62{2dfa1182ec7ee05805b813a9bdf2250092cde9d7c1f61c8843435a2d9f70cb53} of manufacturers have invested in cybersecurity training and 12{2dfa1182ec7ee05805b813a9bdf2250092cde9d7c1f61c8843435a2d9f70cb53} admitted to not having any technical or managerial measures in place to assess or mitigate cyber attacks.

It’s easy to assume that cybersecurity is all about having the best and latest technology in place to guard your infrastructure. However risk management is not solely about technology, but also relates to people and processes. Some manufacturers were unsure as to how to evaluate cybersecurity awareness among employees, how to encourage a better security culture and behaviours, and how to design and implement improved cybersecurity policies and procedures.

Tools and services available

One of the challenges for manufacturers is to choose the right solution in the huge range of cyber-security products and services available in the marketplace. Companies can start off by taking a KPI (Key Performance Indicator) perspective to cybersecurity, by setting goals and metrics to improve security stature. This will enable them to develop a heat map of sorts, to outline where they should be focusing their efforts and/or where they should continue to invest in protecting their most valuable assets. Oliver Welch, EEF’s security expert, said: “There’s evidence out there that there is quite a lot of malware that is designed to sit in the background, not really do very much, while the person infected doesn’t even know that it is happening.”

Managing your risk

The report from AIG suggested 5 practical steps manufacturing companies can take to reduce the chances of a significant attack.

– Use a firewall to secure your Internet connection
– Choose the most secure settings for your devices and software
– Control who has access to your data and services
– Protect yourself from viruses and other malware by using antivirus software, only downloading apps from manufacturer-approved stores, or running apps and programs in an isolated environment
– Continually ensure your operating systems and software are up-to-date and running the latest security patches.

In conclusion, it has become clear that cyber threats are part and parcel of conducting business and it is a necessity to ensure your company is adequately protected. Manufacturers will find cyber-security standards an increasingly essential aspect of business readiness in order to trade.