Believe it or not, manufacturing took over from finance as the most cyber attacked sector in 2021 – almost a quarter of attacks were aimed against them, up from 18% in 2020.
Many attacks are carried out by large and well-funded Organised crime groups supported by state actors. And the West’s overt support for Ukraine in the ongoing war in Europe is only likely to lead to more aggressive attacks as Russia seeks to punish those nations and organisations it believes are frustrating its geo-political ambitions.
The growth in manufacturing’s reliance on Industrial Control Systems (ICS) adds another layer to the problem. ICSs are an integral part of our lives today. They allow for easier management of our most critical infrastructures and processes. Manufacturing, gas, water, power distribution and transportation all depend on ICSs to keep their processes running on a daily basis.
What’s more, the emergence of the Industrial Internet of Things (IIoT) has allowed users to automate some tasks in the process. We can now control everything simultaneously from a remote location, leading to improved workflow efficiency and helping us reach never-before-seen speed and accuracy.
But all of these new technologies have come with increased vulnerabilities from cyber attackers – and one of the easiest ways to frustrate these hackers is by having strong passwords implemented across networks and devices.
So how safe are our company’s passwords?
The below graphic represents the time to brute force a password using current technological capabilities.
So, passwords should really be in the top two tiers to be effectively secure.
An ongoing issue is that the more complex the password the more difficult it is to remember - and with the general lack of uptake around password managers the NCSC guidance continues to encourage staff to use three random words as a password instead. Find out more here.
So how can you make sure their passwords are strong and safe?
This will need to be led from the CEO and senior management team and will need to be done in conjunction with any in house or outsourced IT support. But the following tips hold true.
See what passwords you and your staff have which are already known. Why not run a poll to see who has the most/least breaches? Haveibeenpwned.com is a website where you can enter your email address, telephone number, and see if your information has been captured in a data breach. As a business owner you can also register your domain and get notified when your domain pops up in another breach.
Have a clear password policy for staff and tell them why having strong, unique passwords are essential. If you need help with this, our affordable student services offer security awareness training. Why don’t you make a booking to discuss further?
Enable Two Factor Authorisation wherever you can, but especially on your emails and social media accounts. Even with the best passwords, once someone knows that password then the system is not secure. With 2FA, even if the password and username are known, the criminal won’t have access to the second verification factor so they shouldn’t be able to just “log in”. You can find more about 2FA here.
If your staff have loads of passwords to remember, consider getting an enterprise password manager so they only have to remember one and the password manager generates and remembers the rest – goodbye reused passwords.
What next?
The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of business and loss of reputation. In the worst cases it can lead to the closure of the business altogether. But all is not lost.
So, what can I do?
Here at the centre, we would advise you to do three things now
Join our growing community by signing up to free core membership . You will be supported through implementing the changes you need to make to protect your business and your customers.
Consider obtaining Cyber Essentials accreditation – the basic government backed kite mark standard for cyber security. Join the centre as a free member and we will take you as far as the CE accreditation process. And if you want to pay for the assessment, we can refer you one of our Trusted Partners – all regionally based cyber security companies that can help you become accredited. Certification provides free cyber insurance and 99% protection either fully or partially from today’s common cyber-attacks.
We would also recommend that you speak to your Managed Service Provider and / or website company to discuss how they can implement cyber resilience measures on your behalf.
Reporting Cyber Crime
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
