Digital dimensions - September 2016

Firms must wake up to the cyber security threat

Earlier this summer, cyber security experts including Eugene Kaspersky, founder of anti-virus software firm Kaspersky Lab, issued a bleak statement: the world is not ready for digital attacks on critical infrastructure. 

These comments came close on the heels of a major cyber attack on the Ukrainian power grid, which left more than 230,000 residents without power. However, sophisticated hacks of this nature are rare. It is more commonplace methods, such as email ‘phishing’ scams, that are a bigger threat to engineering firms. 

In 2016, there has been a wave of such phishing attacks by “Operation Ghoul”, which according to Kaspersky Lab has successfully targeted 130 small and medium-sized engineering and industrial firms so far. 

The attacks use a phishing email designed to look like a communication from a bank and an attachment that appears to be a document, but is in fact malware. Once installed, the malware hunts for valuable business-related data stored in the victim’s networks. The collected data is sent to central servers. Hackers make money from resulting sales of stolen intellectual property and business intelligence, or from attacks on their victims’ bank accounts.

A survey carried out by manufacturers’ organisation the EEF found that despite the rise of such attacks 46% of manufacturers have chosen not to increase their investment in cyber security in the past two years.  

Experts agree that educating the entire workforce is the key, as a phishing attack can penetrate the perimeter anywhere in an unprotected network, including an office computer or mobile device. Lane Thames, researcher at IT security firm Tripwire, says: “A little bit of training can go a long way.”