Over recent years, cybersecurity threats have become a greater risk to every industry, and manufacturing is no exception to this rule. Manufacturers play an important role in the economy, being responsible for the production of goods and services, and they are pivotal to supply chains of all sizes. In recent years, multinational corporations including Toyota, Simpson Manufacturing Company, Bridgestone Americas and Johnson Controls have all made the headlines after falling victim to cybercriminals. However, the statistics show that smaller businesses are no exception to the rule. Online fraud and cybercrimes work by targeting online vulnerabilities, and from huge global companies right down to micro-businesses and sole traders, there is something to be gained for criminals.
When considering cybersecurity, it is important to understand how and why manufacturers are targeted. In almost all cybercrimes, criminals are seeking to gain money and sensitive information. As a manufacturing company grows, so does its online operations, which increases the attack surface for a criminal. Manufacturing companies tend to be interconnected in their nature, through digital systems and networks, and through their position in supply chains. Unfortunately, every single partner, supplier and vendor that is connected to a company, represents a potential access point for a cybercriminal. This increases the likelihood of being purposely targeted, either using associates in your network to access you, or using your vulnerabilities to access somebody else.
The importance of timely and efficient production in manufacturing also places these companies as ideal targets for ransomware. Organisations may be seen as more likely to pay a ransom fee to minimise disruption to their company and preserve their finances and reputation. As well as this, phishing is also a common method of attack, using social engineering to trick individuals into downloading malware or unintentionally providing criminals’ unauthorized access. And that’s not all, Distributed Denial of Service (DDoS) attacks and insider threats also pose risks to these organisations.
What does Cyber Essentials do?
Considering this issue as a smaller business with limited assets can be a daunting subject. However, one of the best ways to increase cyber resilience is to ensure that you have implemented the fundamental practices of good cyber hygiene. Seeking a Cyber Essentials certification is a way to simplify this process at a minimal cost to your business.
Cyber Essentials is a government-backed scheme that assists with putting technical controls in place to help you stay protected from cybercrime. There are two options, Cyber Essentials and Cyber Essentials Plus, and at its most basic level it is a checklist of actions and protocols that reduce your risk profile and help you to defend against common threats including malware, ransomware and phishing.
The result of this is a certification that leaves your employees, customers, and client base assured in the knowledge that you have considered the cyber security of your company, identified any existing vulnerabilities, and worked proactively to rectify any issues. Most cyber-attacks target businesses that are lacking certain basic technical controls. Becoming Cyber Essentials certified will require you to have these in place, therefore reducing your likelihood of being targeted. Whilst the qualification does come at a cost to your business, it is affordable, and a fractional investment in comparison with the potential costs of a cyber-attack.
Choosing to become accredited in this scheme removes the pressure of trying to cover all bases when it comes to cybersecurity, because the requirements are listed for you. The accreditation ensures that you are aware of the common threats facing your organisation and how to spot them if they make it through your defences.
What can the ECRC do for me?
Becoming a free member of the Eastern Cyber Resilience Centre ensures that you are supported in making the small changes that make the biggest difference. When you become a free member, you are enrolled onto our online training programme; an email series that gives you actionable steps to improve your cyber resilience, delivered in a way that is digestible and accessible to a non-technical audience. For those interested in seeking a Cyber Essentials certification, following this series will leave you compliant with most of the criteria. This allows you to build your cyber resilience in increments, which is ideal for business juggling multiple priorities.
Additionally, if you decide to go through with Cyber Essentials, the ECRC have several Cyber Essentials Partners, who are companies accredited to deliver this qualification for you. They are all cyber security companies that operate within the Eastern counties of the UK, however there are companies across the UK that can do this for you and there is no requirement to choose one of our partners.
Finally, the ECRC offer various affordable cyber services, designed to help SMEs assess, build, and manage their online networks. Delivered by university students working for Cyber PATH, these services can help those who feel unaware of their potential vulnerabilities online and assist with developing the right strategies to respond to potential incidents in the future. Through Cyber PATH, students are trained and overseen by senior ethical hackers to deliver these services, which supports the industry talent pipeline and keeps the cost to an absolute minimum.
Ultimately, cybersecurity continues to be a pertinent issue for manufacturing companies of any size, and it is important for businesses to take the time to consider their position, and work towards improving their cyber resilience in a way that works for them.
If you have any questions about Cyber Essentials or wish to know more about cyber resilience and how the ECRC can help you, please book a chat with us today.
Reporting a live cyber-attack 24/7:
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress) please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day 7 days a week.
Reporting a cyber-attack which is not ongoing:
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050)