The manufacturing industry saw more cyber-attacks in 2022 than any other major business sector, according to IBM Security’s X-Force Threat Intelligence Index. Almost 25% of all cyber-attacks were directed at manufacturers. For this reason, it is critical that manufacturers are aware of their vulnerabilities and have a response plan prepared in the event of an attack.
The success of manufacturers relies on timely and efficient production and delivery. This can make them attractive targets for criminals, who may install ransomware believing these companies will be more likely to pay up and avoid disruption. Manufacturing companies also possess intellectual property and sensitive information that is highly valuable, making them lucrative targets.
The integrated use of cyber-physical systems (CPS) in manufacturing processes has improved business efficiency, but at the same time it has created more potential access points for cyber criminals. The increasing convergence between information technology (IT) and operational technology (OT) gives cyber criminals a larger attack surface through which to enter company systems.
What Can You Do?
Completely avoiding the possibility of experiencing a cyber-attack is impossible, but you can employ various preventative measures to reduce the risk. Creating an incident response plan is a valuable time investment, as you do not want to wait for a cyber-attack to happen, only to realise you have no idea how to respond.
Additionally, it is a good idea to understand how vulnerable your systems and websites are, and there are several ways to do this. At the ECRC, in addition to our free core membership that arms you with steps to become more cyber secure, we also offer several affordable services that can identify vulnerabilities in your systems.
Our services are provided by students, who are employed on the Cyber PATH talent pipeline. These local students are mentored and monitored by senior ethical hackers, facilitating hands-on training for those who may become the future leaders in the fight against cyber-crime. This not only makes their services much more affordable than those provided by commercial companies, but by utilising their skills you are supporting the next generation of cyber talent.
Web Application Vulnerability and Threat Assessment:
This service assesses your website and web services against the top 10 security risks, looking for weaknesses and vulnerabilities. These assessments are supported with back-out and recovery plans to minimise the risk of outages. Service reporting will then outline the weaknesses in plain language, explaining what each one means and the risk to your business, with guidance on how to fix it.
Remote Cyber Vulnerability & Threat Assessment:
This involves reviewing your business’s internet connection remotely, in the same way an attacker would. These are not penetration tests with the goal of complete system compromise and control, but rather tests focused on identifying weaknesses that could be used by attackers to achieve those ends. Service reporting is then provided in plain language to explain the findings.
Internal Cyber Security Audit, Vulnerability & Threat Assessment:
This requires access to your internal network to simulate somebody who has gained illegitimate access. The assessment will scan and review your internal networks and systems for elements including poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access sensitive data. Again, service reporting will describe what each weakness means, the associated risks, and guidance on how to fix them.
If you receive a troubling service report and decide you need to take remedial action, you are more than welcome to look at the cyber security companies we work with, who can help you in mitigating the risks. Some of these companies are Cyber Essentials Partners and some are Community Ambassadors.
So, what should you do now?
Firstly, signing up as a free core member of the ECRC allows you to receive the benefits of our Little Steps Programme, to help you and your business understand simple things you can do to build cyber resilience.
This will take you as far as the Cyber Essentials accreditation process. When a company is operating under Cyber Essentials, it is 99% protected either fully or partially from today’s common cyber-attacks.
If you then decide you would like to go through with receiving the official accreditation of Cyber Essentials, you can choose to do this through one of our trusted Cyber Essentials Partners, who are all regionally based.
Finally, you can book a chat with us to discuss vulnerability assessments for your company, if this is something you are considering.
Reporting a live cyber-attack 24/7
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Reporting a cyber-attack which isn't ongoing
Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).
Report a phishing attack
If you suspect a phishing attack, please report it to the Suspicious Email Reporting Service (SERS) set up by the NCSC at: firstname.lastname@example.org. Text messages can be forwarded to 7726.