48% of manufacturers see cyber security as an impediment to manufacturing & smart factory initiatives. So, why is Cyber Security a big risk to Manufacturers?
Is your business involved in printing materials or manufacturing books and magazines? Maybe your business produces equipment for the leisure industry. Whatever industry you're involved in, the North West Cyber Resilience Centre wants all SMEs and businesses involved in the manufacturing sector to be aware of the latest threats.
2022 Dragos Report on Manufacturing and ICS
Dragos’ “Year In Review” report revealed that ransomware attacks on industrial infrastructure organisations nearly doubled in 2022, as the manufacturing industry is in a race to implement more and more digital solutions. Dragos found that of the surveyed companies that suffered a ransomware attack, 70% of them operated within the manufacturing industry.
As the manufacturing industry pushes to become more digital and implements Artificial Intelligence solutions in a bid to improve efficiency, the attack surface also grows exponentially. Dragos reports that the main risk associated with this process is “OT [Operational Intelligence] networks, particularly networks with poor segmentation”.
However, the cyber security landscape for manufacturing companies, and the wider industry, isn’t all doom and gloom. Dragos reported, “There were marked improvements to the use of network segmentation in engagements. Environments with significant network segmentation issues were down 2700 basis points”, stating that 50% of company networks saw a lot of improvement.
Is Cyber Security a big risk to Manufacturers? Here are our top tips for avoiding a Manufacturing Cyberattack
1. Lock your devices as if they were doors
Make sure you have encrypted and password-protected all devices used by your employees. This includes machinery, smart devices, tablets and computers.
2. Keep your passwords strong, and don't repeat them!
Use a strong password to secure your devices; three random words are advised. Passwords generated from three random words help users to create unique passwords that are strong enough for many purposes and can be remembered much more easily.
This applies to both IT systems (computers, laptops, mobiles, tablets etc.) as well as Industrial Control Systems (those used to manufacture goods)
3. Double up your protection
Ensure two-factor authentication is utilised on all devices and online accounts. This will give you two distinct forms of identification that will be needed for access to be given to your accounts.
4. Don't forget those software updates
Regularly patching and installing software updates helps to keep your devices protected. Often these updates will ensure any new flaws and vulnerabilities are protected against. Software, application, and Operating System updates are designed to fix these weaknesses, and installing them as soon as possible will keep your devices secure.
It is also vital your business has a process in place to track configurations of devices, whether this is the IT devices or manufacturing devices; tracking device type, version, operating system/software, and last updated date is vital to know what you need to protect
5. Implement an Incident Response Plan
Having an Incident Response Plan could reduce the cost of a data breach on your business; ensure you are testing your incident response plan so your staff know their role.
Our plan includes; preparing your business checklist and emergency contact list template, helping with incident response communications and providing details of the legal Implications of a cyber incident.
To help you minimise the impact of a cyber-attack, we have created a Cyber Incident Response Plan for you to use.
6. Train and educate your staff
You should regularly educate your employees about the most common cyber-attacks and their risks to your business. Common attacks include:
Phishing emails/text messages
Social Engineering
Data breaches
Ransomware
7. Practice makes perfect
Ensure that you have a cybersecurity policy that all staff are aware of when first joining your company, and make sure it's regularly updated.
Did you know the North West Cyber Resilience Centre was established to help small businesses tackle the threats posed by cybercrime?
Businesses in the North West can sign up for our free Membership online and receive a welcome pack full of practical resources and tools that will help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats designed to help you stay safer.
We'd also encourage all businesses to perform a Cyber Health Check on your business's strengths and vulnerabilities. This audit helps to protect your business from the latest cyber threats by filling out a simple self-assessment questionnaire.
