Ransomware attacks and security breached are becoming the new normal for manufacturers around the world, but, the United Kingdom has been hit especially hard.
Nearly half of UK manufacturers have been hit by a cyber-security incident, according to a report by an industry organization, which calls for greater government focus on the specific security needs of the sector.
Some 48% of UK manufacturers admit they have at some time been subject to a cyber-security incident, with half of them suffering financial loss or disruption to business as a result, a survey shows.
“There seems little doubt that many more attacks will have gone undetected, and that cyber-related risks for manufacturers are only likely to deepen and broaden with increasing digitization,” according to the survey report published by manufacturers’ organization EEF in partnership with insurance firm AIG and the Royal United Services Institute (RUSI).
While 91% of the nearly 170 UK manufacturing businesses polled are investing in digital technologies, 35% consider that cyber vulnerability is inhibiting them from doing so fully.
“This suggests that opportunities are being missed and some businesses risk falling behind in the race to digitize. The result must not be that the UK falls away from the vanguard of manufacturing excellence,” the report said.
Across the manufacturing sector, the report said cyber-security maturity levels are “highly varied” both in terms of awareness of the cyber-security challenge and the implementation of appropriate risk mitigation measures.
More than four in 10 manufacturers do not believe they have access to sufficient information to confidently assess their specific risk, and 45% are not confident they are prepared with the right tools for the job.
According to the report, a “worryingly large” 12% of manufacturers surveyed have no process measures in place at all to mitigate against the threat, and only 62% of respondents said they train staff in cyber-security, while 34% said they do not offer cyber-security training and 4% said they did not know.
The EEF welcomes the steps the government is taking to improve national cyber-security resilience, the report said, but notes that to date, no priority has been given to the specific needs of manufacturing.
“This must change. There needs to be a particular focus on the requirements of our sector, recognizing that a one-size-fits-all approach for business is insufficient and, equally as importantly, comprehensive security cannot be the exclusive domain of large businesses who can afford bespoke end-to-end protection,” the report said.
The need to have demonstrable cyber-security safeguards in place is becoming ever more necessary to operate in the business environment, the report said, with 59% of manufacturers reporting that they have already been asked by a customer to demonstrate or guarantee the robustness of their cyber-security processes, and 58% saying they have asked the same of a business within their supply chain.
For the 37% of manufacturers who report that they could not do this if asked to today, business will become increasingly challenging, the report said.
“However, while some manufacturers are only at the beginning of their cyber-security journey, as this report shows, sensible precautions and a proper cyber security business plan are in reach of all. These measures will provide the confidence businesses need to invest in digitization, and the credibility to operate in the sector as a trusted supplier,” the report said.
Manufacturing companies are one of the most popular targets for cyber criminals, based on the sheer amount of classified information they hold.
Increases in cyber-attacks targeting manufacturing can be attributed to a growing number of financially motivated, state-sponsored hackers. Typically, government-funded organizations target manufacturers’ networks to steal intellectual property (IP) and trade secrets. Data or more specifically intellectual property is the lifeblood of this industry and it must be protected accordingly.
Experts recommend a multi-layered approach that goes beyond perimeter security to include continuous ICS monitoring and analytics, automated threat modeling, vulnerability management and threat intelligence.
Ashford, Warwick. (2018). "Nearly half of UK manufacturers hit by cyber attacks". Retrieved from https://www.computerweekly.com/news/252439718/Nearly-half-of-UK-manufacturers-hit-by-cyber-attacks.