Year on year cyber-attacks pose a significant risk to manufacturing companies. These companies possess intellectual property as well as sensitive information, both of which are valuable assets for criminals. Additionally, the nature of manufacturing relies on the timely and efficient production and delivery of products. This can make these organisations an attractive target for criminals, who see them as potentially more liable to pay ransomware demands.
As well as this, the integrated use of cyber-physical systems (CPS) in manufacturing processes has improved business efficiency but at the same time has created more potential access points for cyber criminals. The increasing convergence between information technology (IT) and operational technology (OT) provides a larger landscape for cyber criminals to enter company systems.
All of this makes investing in cybersecurity a valuable consideration for manufacturing companies of any size. Whilst completely avoiding the possibility of a cyber-attack is impossible, there are several options for organisations of all sizes that can significantly reduce their prospects of being targeted. Alongside these prevention tools, creating an incident response plan helps companies to be prepared in case the worst does occur; to help them minimise the damage and reduce disruption to the operation of the company.
What Vulnerability Assessment options are available?
One way to become more resilient to the possibility of a cyber-attack is to take stock of any online vulnerabilities that hackers can exploit. At the ECRC, in addition to our free resources and tools, we also offer several affordable services to help identify such vulnerabilities, at a cost that is affordable for many SMEs.
Our services are provided by students, who are employed on the Cyber Path talent pipeline. These local students are mentored and monitored by senior ethical hackers, facilitating hands-on training for those who may become the future leaders in the fight against cyber-crime. This not only makes their services more affordable than those provided by commercial companies, but by utilizing their skills you are supporting the next generation of cyber-talent.
This service assesses your website and web services against the top 10 security risks, searching for weaknesses and vulnerabilities. These assessments are supported with back-out and recovery plans to minimise the risk of outages. Service reporting will the outline the weaknesses in plain language, explaining what it means and the risk to your business, as well as guidance on how to fix this.
This involves reviewing your business’s internet connection remotely, in the same way an attacker would. These are not penetration tests with the goal of complete system compromise and control, rather tests focused on identifying weaknesses that could be used by attackers to achieve those ends. Service reporting is then provided in plain language to explain the findings.
This requires access to your internal network to simulate somebody who has gained illegitimate access. It will scan and review your internal networks and systems for elements including poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access sensitive data. Again, service reporting will describe what each weakness means, the risks associated, and guidance on how to fix them.
If you receive a troubling service report and choose to take remedial action, the ECRC partners with several cybersecurity companies who can help you to manage this, however there is no obligation to do so. You could also choose to pursue a Cyber Essentials qualification, which will ensure you that your company is reaching the minimum recommended standards in terms of good cyber security.
What should you do next?
Signing up as a free member of the ECRC allows you to receive the benefits of our ‘Little Steps’ programme. This weekly email series allows you to build your cyber resilience gradually through the form of actionable weekly tasks. These emails are concise, and designed to be accessible for a non-technical audience.
After following the ‘Little Steps’ email programme, you will likely be compliant with much of the criteria to become Cyber Essentials certified. When a company is operating under Cyber Essentials, it is 99% protected either fully or partially from today’s common cyber-attacks.
If you choose to go through with receiving the official certification, you can opt to do so through one of our Cyber Essentials Partners, who all work within the region.
Finally, if you would like further information on vulnerability assessments or wish to chat about the cyber resilience of yourself or your business, you can book a chat with us here.
Reporting a live cyber-attack 24/7:
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress) please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day 7 days a week.
Reporting a cyber-attack which isn’t ongoing:
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050)