The relentless charge of technology in the Manufacturing industry and the unification of information technology and operational technology is making cybercrime big business. Recent attacks have seen large companies including the NHS, Honda, Renault, Nissan and Mondelez International fall victim to cyber attacks that have seriously affected their ability to operate effectively. It is estimated that the average cost to a business for an attack/Breach is £3 million, that’s a lot of money to be losing, especially when it is possible to avoid these problems by implementing a cohesive cyber security protocol.
Unfortunately many manufacturers never saw cyber security as a priority in the past, however this is starting to change due to the emergence of recent attacks on businesses. Add this to the fact that the internet and machinery in general are becoming more connected with the Industrial Internet of Things (IioT), this means that manufacturers are becoming increasingly at risk of having their operations compromised by a cyber attack.
Techniques used by cyber criminals to access or disable a company’s systems include:
Malware – Short for Malicious Software, is specifically designed to disrupt, damage, or gain authorized access to a computer system. This term covers numerous types of programs including Trojan Horses, Viruses and Worms. Malware can enable a computer to be remotely controlled by a third party, monitor your actions and keystrokes or secretly send confidential information and data to another machine or network the attacker wants. In order for malware to get onto your computer, the attacker generally relies on a user to take action to install the download. This can be done by clicking a link or opening an attachment.
Ransomware – Another form of Malware except this program will encrypt the computers files until a ransom is paid to the attacker who will then decrypt your files.
Phishing – Attackers realise that not everyone will randomly open an attachment from an unknown source (allowing the download of the malware) so they use a technique called ‘phishing’. This entails sending an email to users that appears to be from a trusted source, for example, your bank. The email will ask you to click a link, download an attachment or in some cases log into their system to confirm details, all the while making a record of your usernames and passwords that you type in.
Drive-by Downloads – A program can be downloaded to a user’s computer just by visiting the site. It doesn’t require any specific action, link clicks or downloads. Once onto your system it will then reach out to another computer to download the rest of the malicious software.
Denial of Service (DOS) – During a DOS attack a company’s website will be flooded with internet traffic which overloads the servers hosting the website. This prevents genuine users from being able to access the information they require and stops the website functioning as it should.
Credential Reuse – We’re all guilty of using the same password for multiple accounts online despite advice stating that each account you have should have a unique password. Attackers rely on this fact and once they have gained usernames and passwords from a breached site or service (or acquired them from the black market) they know there’s a chance they could access other accounts with that information.
Whilst this is not an exhaustive list, hacks can come in all shapes and sizes and hackers evolve and develop new methods if the old ones stop working.
Improving your Cyber Security
Unfortunately there is no magical elixir that will create a quick fix for these issues. The growth of the IioT has created even more difficulties in protecting a company’s systems but there are steps you can take to reduce the possibility of an attack.
Updates – Ensure all of your software and applications are up to date to prevent hackers attacking publicly known weaknesses in your software.
Staff – Ensure your staff are aware of steps they can take to prevent hackers exploiting their computers. This would include email awareness with regards to phishing scams and malware links/downloads.
Anti Virus/Anti Malware – Ensuring your computers all have up to date antivirus software will help to detect any threats as soon as they appear.
Back-ups – Ensure your systems and data are backed up.
Devices – Ensure you know all devices, including staff devices that will be on your network and ensure they are all secure.
Cloud Devices – If you are using a public cloud service you can now get dedicated private connections that bypass the public internet.
Passwords – There are many password management systems available to help ensure all users have unique passwords for all accounts they access.
System – Annual IT tests and penetration tests to simulate an attack and detect any weaknesses in your network or systems.
Further information is readily available online or you can consult a security expert to help your company devise a plan to ensure your business is safe and secure.
I'd also like to take the chance to thank you for all your help during my time with Ambitek. I have always been paid on time and any worries I had were sorted out incredibly quickly either by yourself or your colleagues. Thank you for making my time as a contractor as painless as possible. I would certainly have no qualms about being employed by your agency again sometime in the future. Although obviously not any time soon!!!!
I contacted Ambitek last year about employment. They quickly responded and helped me get a job! I now have a full time job thanks to Ambitek and their staff. They have always paid me on time and have always been there to help me if I needed any advice! Now me and my family are doing great all thanks to Ambitek.
"Hi, hope your all set for Xmas just wanted to say thanks to you and all the staff at Ambitek. You have all been ace this year sorting out my wages and holiday pay and the rest, it's been a real pleasure working for you this year and can't thank you enough for getting me the job in the first place it really pulled me out of it when I was down and to say I appreciate it is an understatement
Hi, thank you for having me work for Ambitek, it’s been a pleasure
Hi, just wanted to say thank you for all your help placing me, as today I signed a permanent contract. The agency have been fantastic and in the future I wouldn't hesitate in contacting you if I need a job or recommending you to others. Once again, thank you and I would like to wish you all the best for the future. (One happy customer!)
Hi, don't know if they informed you but I got a full time contract this week, thanks to you and your team for everything mate I'd be nowhere without Ambitek.
Wish everyone looked after us like you.