Cyber threat is holding companies back from investing in digital technologies. How can your manufacturing firm understand its exposure to security risk, and start to take practical steps to address weaknesses?
Cybercrime is one of the most significant threats facing businesses today. For manufacturing firms, the outlook is especially concerning: a recent survey found that 48% of manufacturing firms have suffered a cybersecurity incident, around half of which resulted in financial loss or operational difficulties.
So what makes manufacturing the third most targeted sector in the UK for cyber-attacks, after government and finance? The truth is that there are a number of factors. Phishing, DDoS and ransomware attacks are common across all industries. But manufacturers face the additional risk of cyber-attacks targeting operational technology.
Interconnectivity and AI brought about through Industry 4.0 introduces risk and increases complexity. This, combined with lower regulation when compared to sectors like government and finance, makes manufacturing an attractive target for cybercriminals.
It’s also worth considering the motives behind cyber-attacks on manufacturing firms. Whilst many cyber-attacks are launched to cause disruption or for financial gain, attacks on manufacturers often focus on obtaining intellectual property or internal operational information.
So, the stage is set: manufacturers are under attack. Without taking practical cybersecurity steps, today’s manufacturing firms risk not only financial, operational and reputational damage, but also the loss of intellectual property and – ultimately – competitive advantage.
Cybersecurity for Manufacturing: Five Practical Steps
At Six Degrees we work with manufacturing firms to understand, engage with and mitigate the cybersecurity risks they face. Unfortunately there is no silver bullet to protecting yourself from cyber-attack, and every business has different risk appetites and threat vectors, but the following five practical steps are a great place to begin your cybersecurity journey:
- Understand your security maturity. Manufacturing firms often struggle to understand their risk exposure. By benchmarking your security maturity you can make prioritised, actionable cybersecurity decisions that will protect you from cyber-attacks.
- Engage with security risks at board level. Cybersecurity is complex and technical, but without proper board-level engagement you won’t gain the appropriate operational and financial focus. Make cybersecurity tangible and understandable in order to give yourself the best possible chance of progressing your security strategy.
- Review the relationship between operational technology and information systems. Information systems can offer a back door to operational technology, which may be older and outside of support. In a famous – and terrifying – example of the physical damage a cyber-attack can cause, hackers accessed a German steel mill’s operational technology through its business network, preventing the mill from shutting down a blast furnace and resulting in “massive” damage.
- Step up your patch management. Many manufacturers invest in firewall and antivirus, but neglect regular security patching. Unpatched systems are a key attack vector for cybercriminals. Implement a robust patch management program, with scope for both scheduled and emergency patching, and make sure to stick to it.
- Implement secure connectivity. Manufacturers operating in multiple locations should utilise appropriate connectivity and next generation firewalls to ensure there are no weaknesses in the network that can be exploited by cybercriminals.
Enhance Your Cybersecurity Maturity
So, first of all the bad news. Your manufacturing firm is a target for cybercriminals, and due to the nature of your business you face a unique set of risks. But the good news is that, if you take the right steps to improve your security posture, you can significantly reduce the chances of becoming a victim of cybercrime.
Six Degrees can support you throughout your cybersecurity journey, from benchmarking your security maturity and representing you at board level, through to implementing and managing secure IT systems and processes.
Download our Minimising IT Risk in Manufacturing report to benchmark the level of risk in your business and discover how other mid-sized manufacturing firms are mitigating IT-related risks.
Our experts have applied their decades of security compliance expertise to develop a web-based scorecard, Aegis, which helps you to navigate the complex security landscape and mitigate risks to your business.
Register for our webinar here to find out how you can discover your Cyber Security Maturity.