Manufacturers’ organisation Make UK has shared an in-depth report by the Financial Times on the state of cyber security, which found that SMEs are bearing the brunt of recent attacks.
The report details how challenges such as COVID-19, the war in Ukraine and digitalisation are affecting companies’ ‘cyber hygiene’ and how they can protect themselves effectively.
In 2021, manufacturing overtook financial services as the most targeted sector for cyber attacks, yet research shows that most manufacturers are yet to prepare themselves properly. In a survey of 350 industrial companies across Europe and the US, the Financial Times found that less than half had simple procedures in place such as regular data back-ups or cyber training for staff, and only a third regularly prompted staff to change passwords or demanded mandatory software updates.
Other examples of recommended measures include introducing permissions/privileges controls, mandatory use of VPNs and creating an internal team to probe systems for weaknesses.
More interconnected supply chains and vulnerabilities linked to digitalisation and the Internet of Things (IoT) are increasing the risks for unsuspecting manufacturers. For example, earlier in 2022 Toyota shut down all of its plants in Japan after a suspected cyber attack on one of its suppliers.
SMEs are also increasingly being targeted, with research cited by the Financial Times suggesting that it is SMEs that are bearing the brunt of recent attacks. As our Senior Manufacturing and Sustainability Advisor Geoff Crossley explained in a previous blog, SME manufacturers should get used to the fact that their size does not exempt them from criminals’ attention:
“I cannot emphasise enough how close every manufacturer is to potential harm. I know quite a few SMEs who have ended up paying criminals to release their data due to ransomware and many others who have lost valuable data.
“A cyber security ‘gap’ is emerging between those investing in their defences and those who are falling behind. As a result, cyber criminals are turning their attention to less secure, smaller organisations and individuals. If you receive a lot of emails, use remote payments or regularly receive files and data from other organisations, consider yourself at high risk. You wouldn’t allow someone to bypass safety procedures on the shopfloor, so don’t allow it in the office.”
[Cyber security basics]