It has been widely reported that the manufacturing sector has become a prime target for cyberattacks over recent years, with a 2019 report citing more than half of manufacturing companies had experienced some type of cyberattack in the last 12 months.
With this in mind, Nowcomm’s Chief Technology Officer, James Baly, and Head of Services, Kevin Prone discussed why the manufacturing industry is becoming an increasingly attractive target for hackers and cybercriminals in a recent webinar – Manufacturing secured: helping you address security challenges in manufacturing.
James and Kevin were joined by Michael O’Malley, Engineer and IoT Specialist at Cisco Systems, to discuss why the manufacturing industry is a target, how hackers gain access to insecure networks and what measures can be taken to protect data and prevent a significant breach in the manufacturing sector.
The team explored the following five key actions manufacturers can take to improve cybersecurity and protect their organisations from attacks.
Education and training are key
According to data from the Information Commissioner’s Office (ICO) 90% of cyber data breaches in 2019 were caused by human error. With this in mind, it’s clear that neglecting employee training can result in costly consequences for companies. Training gives staff the knowledge to recognise risk and more importantly, report it. A survey in 2019 revealed that 30% of respondents didn’t even know what malware or phishing was, which can lead to simple email breaches costing corporations millions of pounds in losses.
At Nowcomm, we firmly believe that any form of training needs to be repeated and continually reinforced in order to reap the benefits. The more staff know about the systems and processes they are using daily the better, especially with so many working remotely due to the current COVID-19 pandemic. Training brings peace of mind and reassures individuals how to recognise a threat and how to reduce the risk of one. There is also a benefit to clients as they trust organisations with extremely valuable data and want to know that it’s protected, so with a clear employee training programme in place it benefits your business as a whole.
Have a clear plan
The importance of planning cannot be stressed enough. Without a clear roadmap of your security posture, you are increasing the risk of a potential breach. Therefore, it’s important to understand the potential threats to your network and prioritise the ones that present the greatest risk to production.
The main aim of any plan is to protect your information and client’s data, which is more often than not the most valuable asset a business will own. In order to make sure it’s secure there are three fundamental goals to follow, confidentiality, integrity and availability. To achieve these goals, you need to make sure that any important assets are secure and only those with permission have access to them. Cybersecurity is constantly evolving so you should continually monitor the procedures you have put in place through your plan.
With an effective strategy in place, it not only sets out your commitment to delivering a robust cybersecurity solution but also how you intend to implement and execute them. Every single area of your organisation is susceptible to cybercrime, so it’s imperative each one is protected.
Network visibility is critical when it comes to protecting organisations against cybercrime. Businesses, especially in the manufacturing industry, have a multitude of connections throughout their networks, not just on the factory floor. Whether it is staff working remotely, supply chain management or third-party access, there are numerous potential vulnerabilities for hackers to target.
As the number of potential threats increases, so does the importance of manufacturers to be aware of all the connections to their networks. Having this information will help to identify any suspicious activity and can ensure action is taken to prevent potential attacks. Cyberattacks happen quickly, so it’s important to be proactive and continually scan a network to monitor activity. Preventing breaches is always simpler and less costly than remediation.
Simplify your approach
Don’t overcomplicate things by adopting a multitude of security tools. The average amount of security solutions used by organisations is 75 and there are over 3,000 suppliers in the cybersecurity market. This immediately presents a challenge of knowing where to start, but the most important thing to remember is to select tools that communicate vulnerabilities clearly and that offer a simple solution to fix them.
With so many devices being added to networks on a daily basis it becomes impossible for humans to monitor, so opt for a solution that will give you an overview of your cybersecurity posture at any one time. It’s vital to keep systems up to date and back-up data on a regular basis, this will ensure you’re protected from zero-day attacks and sophisticated ransomware.
If systems aren’t updated, it leaves organisations vulnerable to a breach. A large amount of businesses, especially within the manufacturing industry, will be using legacy systems that require frequent updates or patching solutions. However, it’s not always possible to apply regular updates, and in some cases applying a patch to a system that has been in place for several years can cause more harm than good. When choosing the right security tool for your business it’s important to keep things simple and ask key questions about patches, updates and support.
Change your mindset
Security should be seen as an enabler to allow your business to thrive, rather than a blocker. To achieve this, your strategy needs to be simple and uncomplicated so it’s easy to implement. When developing your action plan make sure you set goals that are achievable and break each one down into smaller milestones. By adopting this approach, it keeps staff motivated and your business secure.
It takes time to get cybersecurity right and things certainly won’t change overnight, but with the right mindset you could end up saving significant amounts of money as well as enhancing your organisation’s reputation.
How can Nowcomm help?
To help support businesses with the implementation of effective action plans, Nowcomm has joined forces with Cisco Systems to create a cyber security fund. Organisations can access funds to run a detailed compliance scan of their networks and receive a full security report for their business. To find out more about this initiative, or if you have any other questions for our expert team, please contact us today: https://www.nowcomm.com/contact/