Any company working in the manufacturing industry is an attractive target for criminals, regardless of size. In a report published by Dragos, it was found that incidences of ransomware had almost doubled last year within the sector. According to IBM’s X-Force Threat Intelligence Index, it is the most attacked industry, outranking financial services, which previously took the top spot.
For a manufacturing company, time is money, meaning they are seen as more likely to pay a ransom to resume business as usual. As well as this, many firms operate using a complex network of equipment, as production processes become increasingly digitized to make them more efficient. This creates more online vulnerabilities for criminal exploitation, as do the lengthy supply chains that many of these companies operate in. For these reasons, it is important for these organisations to heavily consider their online vulnerabilities and take proactive measures to ensure that they are optimizing their cyber security.
32% of SMEs were the victim of a cyber-attack last year, proving that small does not equal safe. Unfortunately, smaller organisations face the challenge of having limited resources to invest in their cyber infrastructure, and for a growing company juggling multiple issues and priorities, online security can often become a neglected issue. To counter this problem, it is vital that business owners are made aware not only of the threat landscape and the risk posed to their company, but also of the free tools and advice available to assist them at no cost to their business.
The ECRC is designed to help SMEs facing this issue: to make everybody aware that any presence online whatsoever makes you a potential target for cybercriminals, and to signpost you towards free resources that can help you to reduce your risk. The National Cyber Security Centre (NCSC) monitors emerging threats and publishes up-to-date guidance, which is then promoted across the CRC network.
Some free tools available to your business include:
NCSC Small Business Guide: Created specifically for SMEs and the challenges they face, this guide outlines 5 key areas to consider regarding cybersecurity threats. These are: backing up your data, malware protection, keeping smartphones safe, good password policy, and avoiding phishing attacks. Within this guide are additional videos, infographics, and a list of further actions to take.
NCSC Cyber Action Plan: This is a great place to start learning about what you can do to protect yourself and your business online. This tool asks you a few simple questions about topics such as passwords and two-factor authentication to assess your current position, leaving you with a personalised list of actions that will help you on your journey. This is ideal if you are starting from a low knowledge-base or are unsure of how to prioritize your next steps.
NCSC Exercise in a Box: This is a free exercise that helps simulate what your business would do in the event of a cyber-attack. Once you register for an account, you can play out various scenarios, prompting you to consider what you would do.
Examples of the Attack Scenarios Include:
• A ransomware attack delivered via a phishing email.
• An insider threat that causes a data breach.
• Supply chain risks, including software and ransomware.
• An attack from an unknown Wi-Fi network.
Incident Response Plan: Created by the ECRC, this document assists you in formulating a plan. Cyber resilience goes so much further than strengthening your defences; it is also about knowing how to respond and recover if the worst does happen. Once developed, you can implement your plan through Exercise in a Box, to test its effectiveness.
NCSC Board Toolkit: Designed for senior members of an organisation, this helps board members get to grips with cyber security and how to embed it in all layers of the company. The toolkit is a thorough resource but written in an accessible format, outlining not only the essential cyber practices to enforce, but the indicators of success to evaluate performance against.
Staff Security Awareness Training: Many cyber-attacks do not target the vulnerabilities of your systems, but instead the vulnerabilities of you as an individual. This means that in many cases, your staff are your first line of defence against an attack. The NCSC have developed an e-learning package to assist with staff training. This ensures your staff feel aware and supported and helps create an open culture within the business to start talking about the very necessary topic of cybercrime.
Police CyberAlarm: Provided by local policing, this software acts as a ‘CCTV camera’ to your network. It monitors the traffic seen by your internet connection and provides regular reports detailing any suspected malicious activity.
What can the ECRC do to help?
With the manufacturing sector being particularly vulnerable to the nefarious pursuits of cyber criminals, becoming a free member of the ECRC can be widely beneficial for your business.
When you enrol as a member, you become automatically enrolled onto our ‘Little Steps’ programme. This is a weekly email series that runs across several months, with each instalment giving you digestible information or easy-to-implement actions that build your cyber resilience. This allows you to improve your cyber position around a busy schedule and is designed to be understandable for a non-technical audience. Our communications also provide you with up-to-date news about cyber-crime and will issue any relevant threat alerts as they emerge. For businesses that are looking for free tools like the ones outlined above, not only will our ‘Little Steps’ emails direct you towards them, but our website allows you to access them all from one area, alongside tailored advice for your industry.
What about Cyber Essentials?
Increasingly, businesses operating in key supply chains are required to be Cyber Essentials certified, to help prevent supply chain compromise. This is a relevant issue for manufacturers to consider. However, once the ‘Little Steps’ programme is completed you will find that your business is already compliant with much of the criteria, streamlining the process of becoming certified if you choose to do so. Additionally, the ECRC partners with several cybersecurity companies operating in our area who are certified to provide the accreditation for Cyber Essentials. If you choose to pay for the certification, you are more than welcome to go through one of our Cyber Essentials Partners; however, this is by no means a requirement.
Is There Anything Else?
Finally, as well as the free tools listed above, the ECRC does offer several affordable cybersecurity services. These are delivered through students on the CyberPATH program, who are trained and monitored by senior ethical hackers. Utilizing their services not only supports the talent pipeline of future cyber leaders, but their position as students makes it a much more affordable option for companies that do not have vast resources to invest. If you feel you want assurance about the security of your systems, paying for a service such as a vulnerability assessment can be a worthy investment to understand your company’s infrastructure and where it could be left open to targeting from criminals.
There are several services that can be offered to businesses that you can access here, but again this is not a requirement or expectation for any of our members; it is just another option. If you would like to know more about what the ECRC can do for you, please check out our website here.
If you are unsure about anything or want some personalised advice for how we can help you, why don’t you book a chat with us today?
Reporting a live cyber-attack 24/7:
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress) please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day 7 days a week.
Reporting a cyber-attack which isn’t ongoing:
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).