Cyber attacks are becoming more elaborate and convincing every year, but too many businesses are not taking it seriously. Senior Manufacturing Advisor Geoff Crossley explains why SME manufacturers are particularly in danger, how COVID-19 has increased the risks and what you need to do to boost your defences.
Cyber security is a hot topic. It was voted the number one technology priority for manufacturers in 2020, and it’s importance has grown even more since the pandemic. However, many manufacturers are woefully unprepared for the risks they face, especially SMEs. If you think you’re too small to attract the attention of hackers and cyber criminals, you’re wrong.
Why are manufacturers so vulnerable?
More than most organisations, manufacturers need to share complex information with others, such as drawings and design files as well as payment requests from customers and suppliers. SME manufacturers also tend not to consider themselves particularly ‘digital’ businesses, so they are less likely to want to purchase off-the-shelf antivirus and firewall software. Add to that the incredibly busy day-to-day of most manufacturing operations, and there is serious potential for weaknesses to be exploited.
At the same time, cyber attacks are becoming more sophisticated and plausible. The risks can be easy to underestimate – cyber crime is after all an invisible threat – but I cannot emphasise enough how close every manufacturer is to potential harm. I know quite a few SMEs who have ended up paying criminals to release their data due to ransomware and many others who have lost valuable data.
If you receive a lot of emails, use remote payments or regularly receive files and data from other organisations, consider yourself at high risk. You wouldn’t allow someone to bypass safety procedures on the shopfloor, so don’t allow it in the office.
Think you’re not a target? Think again
There are two key trends happening in cyber security right now. On the one side, companies who have recognised they’re at risk are strengthening their systems so they can better withstand attacks. These are often larger companies who are more digitally advanced, and therefore have more data to lose.
This means a cyber security ‘gap’ is emerging between those investing in their defences and those who are falling behind. As a result, cyber criminals are turning their attention to less secure, smaller organisations and individuals.
According to UK statistics, nearly four in ten small businesses suffered a cyber security breach over the last 12 months. The average annual cost in terms of lost assets or stolen money is over £8,000. But this doesn’t include all the potential indirect costs from collateral damage such as the loss of customer data, which may result in lost contracts, reputational harm and legal trouble. It’s not an exaggeration to say that even the most basic breach of customer data could destroy your business entirely.
Despite this, too many SMEs are still failing to do the basics. Nearly one in five don’t have up-to-date malware protection, half don’t have formal rules for moving and storing personal data, and two thirds haven’t done any kind of cyber risk assessment at all. If this sounds like you, you’re in trouble.
It’s getting personal
One of the things SME manufacturers are gravely underestimating is the sophistication and plausibility of modern cyber crime. These days, attackers are increasingly gaining entry to IT systems by preying on one person in particular. You have probably heard of ‘phishing’ – the act of sending out fraudulent or dangerous emails to thousands of people in the hope that someone will fall for it. A bigger risk these days is ‘whaling’ – a highly targeted attack on a key individual like a director. Attackers will choose a specific target, scope out the organisation and use personalised information to convince the victim they are genuine.
More than a quarter of cyber security breaches in small businesses now involve some form of impersonation. Criminals are even beginning to use ‘deep fake’ software to re-create the voice of their target from existing material online and using it to send fake phone messages. This is the sort of depth of attack that we can expect in future.
COVID-19 has opened the door to new attacks
The pandemic has unfortunately presented a whole new set of opportunities to cyber criminals. Thousands of companies have had to adopt remote working practices at short notice, often with little experience.
Employees working from home means existing vulnerabilities are compounded. Each person has their own WiFi connection, their own devices on the network and their own passwords that could be as simple as 123456. It’s an ideal environment for cyber criminals to gain access to business data through insecure home networks. According to some sources, the pandemic has coincided with a fourfold surge in everything from email phishing to brute force attacks on passwords.
In a recent poll by the Institute of Directors, one in three directors surveyed felt their organisation was now more vulnerable to cyber crime compared to before the pandemic. A separate survey by PwC found that two thirds of UK CEOs have decided to increase their investment in cyber security and data privacy over the next three years.
What you can do bolster your defences
- Make use of online resources
Your first port of call should be the National Cyber Security Centre’s Exercise in a Box. This free resource helps you to audit your business and test your response to a cyber attack. You’ll be surprised how quickly you will find a hole in your system.
The NCSC website also has a huge amount of guidance on useful topics, including advice on remote working and video conferencing. If you want a formal certification to reassure customers, consider the NCSC’s government-backed Cyber Essentials scheme.
- Access local support
The Hub offers cyber security guidance for SMEs in Greater Manchester, which you can access here. You should also contact one our Manufacturing Advisors for any questions you may have concerning the security of your operations.
Greater Manchester businesses can also access fully funded support from the GM Cyber Foundry, a collaboration between four North West universities to help SMEs strengthen their cyber defences.
- Prepare for digitisation
As we move towards the widespread adoption of digital technologies such as the Internet of Things and AI, cyber security will become even more critical. For most SMEs, digitisation is a gradual process – new equipment is purchased piece-by-piece and connected to existing networks, rather than a total overhaul completed in one go. This means there is a higher risk of incompatible software and system vulnerabilities.
If you are looking to digitise your operations, Made Smarter is a good potential source of advice and support.
- Simple things you can do right now
One of the simplest and most effective actions you can take is to ensure your software is updated to its most recent version. In March, Microsoft revealed that its Exchange Server had been affected by a cyber attack. Multiple security updates have been released, but that means even more hackers are now aware of the flaw and are quickly trying to find unpatched servers to exploit.
Another easy security measure is to set up two-factor authentication on your email. This makes it far more difficult for someone else to sign into your account.
- Always report attacks
If you are a victim of an attack, remember: Cyber crime is still a crime. Report it to the police and record the attack via the UK ActionFraud website, as well as speaking to your security provider for a commercial solution.
We can help
Our specialist Manufacturing Advisors can provide tailored support to help you identify threats and improve your processes. Get in touch today for a one-to-one diagnostic.
Geoff Crossley, Senior Manufacturing Advisor
Geoff is a highly skilled manufacturing specialist, practiced in supporting manufacturing businesses to implement lean tools and techniques which will increase efficiency. Geoff is passionate about helping manufacturers work smarter and to do more with less.
With a background in engineering design and experience running a successful business, Geoff is skilled at strategic planning, developing sales and marketing strategies to generate new customers and delivering sustained profitability.
To view Geoff's full profile including technical capabilities and industry experience, please click here.