Cyber crime: Take it seriously before it’s too late

Cyber security is a hot topic. It was voted the number one technology priority for manufacturers in 2020, and it’s importance has grown even more since the pandemic. However, many manufacturers are woefully unprepared for the risks they face, especially SMEs. If you think you’re too small to attract the attention of hackers and cyber criminals, you’re wrong. 

Why are manufacturers so vulnerable?

More than most organisations, manufacturers need to share complex information with others, such as drawings and design files as well as payment requests from customers and suppliers. SME manufacturers also tend not to consider themselves particularly ‘digital’ businesses, so they are less likely to want to purchase off-the-shelf antivirus and firewall software. Add to that the incredibly busy day-to-day of most manufacturing operations, and there is serious potential for weaknesses to be exploited.

At the same time, cyber attacks are becoming more sophisticated and plausible. The risks can be easy to underestimate – cyber crime is after all an invisible threat – but I cannot emphasise enough how close every manufacturer is to potential harm. I know quite a few SMEs who have ended up paying criminals to release their data due to ransomware and many others who have lost valuable data.

If you receive a lot of emails, use remote payments or regularly receive files and data from other organisations, consider yourself at high risk. You wouldn’t allow someone to bypass safety procedures on the shopfloor, so don’t allow it in the office.

Think you’re not a target? Think again

There are two key trends happening in cyber security right now. On the one side, companies who have recognised they’re at risk are strengthening their systems so they can better withstand attacks. These are often larger companies who are more digitally advanced, and therefore have more data to lose.

This means a cyber security ‘gap’ is emerging between those investing in their defences and those who are falling behind. As a result, cyber criminals are turning their attention to less secure, smaller organisations and individuals.                                                                                           

According to UK statistics, nearly four in ten small businesses suffered a cyber security breach over the last 12 months. The average annual cost in terms of lost assets or stolen money is over £8,000. But this doesn’t include all the potential indirect costs from collateral damage such as the loss of customer data, which may result in lost contracts, reputational harm and legal trouble. It’s not an exaggeration to say that even the most basic breach of customer data could destroy your business entirely.

Despite this, too many SMEs are still failing to do the basics. Nearly one in five don’t have up-to-date malware protection, half don’t have formal rules for moving and storing personal data, and two thirds haven’t done any kind of cyber risk assessment at all. If this sounds like you, you’re in trouble.

It’s getting personal

One of the things SME manufacturers are gravely underestimating is the sophistication and plausibility of modern cyber crime. These days, attackers are increasingly gaining entry to IT systems by preying on one person in particular. You have probably heard of ‘phishing’ – the act of sending out fraudulent or dangerous emails to thousands of people in the hope that someone will fall for it. A bigger risk these days is ‘whaling’ – a highly targeted attack on a key individual like a director. Attackers will choose a specific target, scope out the organisation and use personalised information to convince the victim they are genuine.

More than a quarter of cyber security breaches in small businesses now involve some form of impersonation. Criminals are even beginning to use ‘deep fake’ software to re-create the voice of their target from existing material online and using it to send fake phone messages. This is the sort of depth of attack that we can expect in future.

COVID-19 has opened the door to new attacks

The pandemic has unfortunately presented a whole new set of opportunities to cyber criminals. Thousands of companies have had to adopt remote working practices at short notice, often with little experience.

Employees working from home means existing vulnerabilities are compounded. Each person has their own WiFi connection, their own devices on the network and their own passwords that could be as simple as 123456. It’s an ideal environment for cyber criminals to gain access to business data through insecure home networks. According to some sources, the pandemic has coincided with a fourfold surge in everything from email phishing to brute force attacks on passwords.

In a recent poll by the Institute of Directors, one in three directors surveyed felt their organisation was now more vulnerable to cyber crime compared to before the pandemic. A separate survey by PwC found that two thirds of UK CEOs have decided to increase their investment in cyber security and data privacy over the next three years. 

What you can do bolster your defences

1. Make use of online resources

Your first port of call should be the National Cyber Security Centre’s Exercise in a Box. This free resource helps you to audit your business and test your response to a cyber attack. You’ll be surprised how quickly you will find a hole in your system.

The NCSC website also has a huge amount of guidance on useful topics, including advice on remote working and video conferencing. If you want a formal certification to reassure customers, consider the NCSC’s government-backed Cyber Essentials scheme.

Other useful free resources online include HaveIBeenPwned, where you can check if your email has been exposed in a data breach, and the GCA Cybersecurity Toolkit for Small Business.

2. Access local support

The Hub offers cyber security guidance for SMEs in Greater Manchester, which you can access here. You should also contact one our Manufacturing Advisors for any questions you may have concerning the security of your operations.

Greater Manchester businesses can also access fully funded support from the GM Cyber Foundry, a collaboration between four North West universities to help SMEs strengthen their cyber defences.  

3. Prepare for digitisation

As we move towards the widespread adoption of digital technologies such as the Internet of Things and AI, cyber security will become even more critical. For most SMEs, digitisation is a gradual process – new equipment is purchased piece-by-piece and connected to existing networks, rather than a total overhaul completed in one go. This means there is a higher risk of incompatible software and system vulnerabilities.

If you are looking to digitise your operations, Made Smarter is a good potential source of advice and support.  

4. Simple things you can do right now

One of the simplest and most effective actions you can take is to ensure your software is updated to its most recent version. In March, Microsoft revealed that its Exchange Server had been affected by a cyber attack. Multiple security updates have been released, but that means even more hackers are now aware of the flaw and are quickly trying to find unpatched servers to exploit.

Another easy security measure is to set up two-factor authentication on your email. This makes it far more difficult for someone else to sign into your account.

5. Always report attacks

If you are a victim of an attack, remember: Cyber crime is still a crime. Report it to the police and record the attack via the UK ActionFraud website, as well as speaking to your security provider for a commercial solution.

We can help

Our specialist Manufacturing Advisors can provide tailored support to help you identify threats and improve your processes. Get in touch today for a one-to-one diagnostic.