According to figures released last year by IBM, manufacturing has become one of the world’s biggest targets for cybercrime, second only to healthcare. For businesses operating in this sector, this news may come as a surprise, as most firms tend to associate cybercrime with banking or other financial services. The true scale of the problem is much larger, however, which is why manufacturing firms need to view the threat of cybercrime as a serious matter.
Why is the manufacturing industry a prime target?
In the main, today’s hackers are motivated by financial gain and in the manufacturing sector it is intellectual property (IP) which holds the greatest monetary value. Success in manufacturing is usually the result of a new product or more efficient processes, so if a cybercriminal was able to get their hands on a design document or some blueprints, it could mean a huge financial reward.
However, many manufacturers still don’t fully realise the value of their data, particularly in the case of smaller firms. It can be easy to forget that each industry has its own type of valuable information – personal and financial data are the prime target in a number of sectors, but in manufacturing a product prototype could be worth millions of pounds.
Coupled with these threats, the sector is also undergoing a period of rapid change. With the rise of the Internet of Things (IoT), automation and robotics, systems and products are more interconnected than ever before. Whilst this can help to control an often complicated supply chain, the technology involved can be a prime target for cyberattacks. In an industry where firms are becoming increasingly reliant on automated processes, cybersecurity cannot be an afterthought.
How can firms prevent cyberattacks?
For many, a good starting point will be to implement the ISO 27001 standard, which is a recognised industry benchmark for best practice for managing IT security within an organisation. This standard not only encourages firms to consider all possible risks, but also to determine what controls can be introduced to mitigate them. It ensures continual improvement of a business’ information security.
Another recommended point is to create an information classification policy. IP can seem like a difficult area to protect as, by its very nature, people need to interact with it regularly. However, many firms grant employees levels of access way above what they really need. Although it may seem easier to just give administrator access to all, this policy is putting firms’ data at risk. A classification policy will help define how sensitive a document is, and help it from falling into the wrong hands. A good place to start is simply by understanding the data you have, the risks facing it and how you can classify information – one popular method is colour coding, because it allows people to quickly determine the sensitivity of the document. Data Leak Prevention systems can also be implemented to provide a catch-all.
In order to protect IP at a minimum, manufacturers should review their current security permissions and evaluate access levels. By limiting access only to those who require the information for their job, the risk of a potential breach is dramatically reduced. Staff are often the weakest link in a company’s security strategy and their actions can unknowingly be damaging.
For this reason, manufacturers should also look at investing in staff training. Employees will continue to be a weak link if they aren’t aware of the ways cybercriminals target businesses.
Email is one of the most popular attack vectors, and hackers will take the time to research a firm in order to make the email look as authentic as possible. Staff should watch out for subtle changes to the company name or email domain, incorrect spelling or grammar, or unusual greetings. Any emails which sound urgent, threatening or contain unusual email attachments should also be treated with caution. It is important staff learn to spot these signs and inform management immediately.
Making cybersecurity a priority
The risks to manufacturing companies is undeniable, and will only continue to grow as the industry becomes even more interconnected. The good news is that manufacturers are starting to realise the importance of cybersecurity. The 2017 Annual Manufacturing Report revealed that 50% of respondents named cloud/cybersecurity as the most important IT investment for the future improvement of their business.
Statistics like these are encouraging, but in order to achieve success management buy-in is essential. Senior management must be responsible and accountable when it comes to cybersecurity, and it’s important it’s not viewed as just an IT project. Only by having the people, processes and systems in place can manufacturers keep the criminals at bay.