Articles
A quarter of the 161 UK firms surveyed lost money or were disrupted as a result of hacks, according to the Cyber Security for Manufacturers report from manufacturers’ organisation the EEF and insurance firm AIG.
Only government systems and the finance sector were targeted more than manufacturing, which is among the least-protected sectors in Britain.
“It doesn’t surprise me,” said expert Ross Brewer from automation company LogRhythm. “Half of the manufacturers have reported a breach, but probably the other half don’t know they have had a breach.”
He added: “In the manufacturing sector, they don’t pay as much attention to cyber security as they do to operational practices. They don’t think of themselves first and foremost as a target.”
Manufacturers are often vulnerable because of their use of “legacy” equipment – ageing machines that cannot be patched or updated to withstand new viruses. Analysts also accuse firms of having poor network visibility, meaning unidentified users can slip under the radar and instigate attacks.
With international cyber warfare on the rise and lone hackers eager to exploit poor IT practice for personal gain, Brewer said attackers are not picky. “They are trying to find soft targets that they can go after,” he said. “They just see an IP address that they can target.”
The government has a list of “cyber essentials” to protect businesses, including using firewalls and updating software frequently, but experts have called for more substantial help.
The cyber security report found that 41% of companies do not believe they have access to enough information to assess their risk, while 45% feel they do not have access to the right tools for the job.
“There needs to be an increasing focus given to the specific needs of manufacturing,” said Stephen Phipson, chief executive of the EEF. “Failing to get this right could cost the UK economy billions of pounds, put thousands of jobs at risk and delay the supply of essential equipment to key public services and major national infrastructure projects.”
The National Cyber-Security Centre (NCSC) provides companies with online guidance. “The NCSC is committed to making the UK the safest place to live and do business online," a spokesman said. "But the UK Government can’t do this alone. Every citizen, business and organisation must play their part."
He added: “By getting the basic defences right, organisations of every size can protect their reputation, finances and operating capabilities. Organisations can also raise their basic defences and significantly reduce the return on investment for attackers by enrolling on the Cyber Essentials initiative and following the regularly updated technical guidance on CiSP [Cyber Information Sharing Partnership] and the NCSC website.”
The EEF urged companies to continuously assess access to critical data and to undertake “realtime scenario planning” to map out the consequences of cyber attacks or data breaches.
With the European Union’s new GDPR law approaching at the end of May – along with potential fines of €20m or 4% of global annual turnover for mishandling personal data – manufacturers might have to toughen up sooner rather than later.
Content published by Professional Engineering does not necessarily represent the views of the Institution of Mechanical Engineers.