According to an IBM report into cyber security, manufacturing is the 2nd most hacked industry, second only to healthcare. This may come as a surprise; after all, it is easy to assume that the financial sector takes the biggest hit from cyber-attacks. While this might have been true a few years ago, since 2014, they have heavily invested in cyber security, leaving hackers at a loose end.
The manufacturing industry is currently moving at speed into the digital age and adopting Industry 4.0 practices. Despite this revolution, the investment in cyber-security hasn’t kept up resulting in potentially vulnerable systems.
When hackers have attacked smart factories before, they have been able to create time consuming, financially draining and even dangerous problems by taking control of machinery and the computer systems that run them.
With physical harm and even harm to human life at risk, it is tempting for some manufacturers to want to keep their factory offline. This is a short sighted decision though that will impact on their growth in a competitive market. Instead, we recommend investing and taking precautions. If the banks have protected themselves, so can you.
Most hackers are motivated by money and by using ransomware they will attempt to get into your databases to access valuable data. They do this to either use the data themselves or prevent your business from accessing it by holding it to ransom. Client data is the most lucrative to hackers and losing it can have the most detrimental impact on a business.
Here, are some things you can do to protect your manufacturing business from a data breach.
1. Install a cyber security system. Some manufacturers avoid installing one for fear of restricting productivity claiming employees can’t easily access the systems. Do your research but make sure you do not go without; the cost of a cyber-attack is far greater. Cisco and McAfee are popular options but many are available.
2. Make sure the cyber security systems stay updated.
3. Do not use the same password for every log in portal. If a hacker has correctly accessed part of your system with one correct password they will try that one again.
4. Make sure all passwords are more than 8 characters, have special characters, caps and no caps. Less than this and a ‘Brute Force’ attack is more likely to be successful. This involves software running malicious scripts that run through combinations of letters and numbers in seconds. The longer and more complex the password, the harder it is for this to be successful.
5. Change your passwords regularly and make sure that each time you don’t simply follow a pattern of adding a new number. This can be easy for hackers to recognise. Make sure each password is completely unique.
6. Train your employees on the importance of cyber security and make it clear that downloading any unauthorised software on to the factory systems is forbidden. Many attacks are the result of malware that has been accidently downloaded by a naïve worker but have gone onto infect the entire server and cause untold and expensive damage.
7. Employees should be taught the correct processes to handle confidential data.
8. Lastly, with regards to employees, make sure they know the protocol in case of an attack. Run drills like you would with a fire. The quicker an attack can become under control the less detrimental it can be.
• Be aware of email fraud. As the systems protecting the manufacturers are increasingly more sophisticated, fraudsters are employing old fashioned tactics with a new technological twist.
It is very easy to set up an email account in a false name and make it look as if it is coming from someone you have regular contact with already, therefore someone you already trust. They may have already hacked into your suspected clients emails and be able to reference things you have discussed in the past. Invoices and payments can be made within this conversation that transpires to be fraud.
This criminal activity is called mail phishing but you can protect your business with domain keys; an email authentication system that checks all emails and compares them to the server they come from. This will ascertain if the emails are coming from the same place they claim.
• SPF is another system you can use which will make sure emails only go from machines that are authorised from your domain. None can be sent as valid email without going through your server. This stops the hack being done to your email.
• Even with these systems, it is still good practice to encrypt or put password protection software on any valuable documents you are sending on email.
There are of course no guarantees that after following all this advice, you won’t become victims of cyber-attack. A big factor is staying informed and understanding the latest developments in cyber security, you must attempt to stay one step ahead. There is a war going on right now between the hackers and those that protect us. Don’t fall behind, educate yourself and give your manufacturing business that greatest chance of victory against the hacks.