Report finds UK manufacturers’ cybersecurity severely wanting

23 Apr 2018

Nearly half of UK manufacturers have been victims of a cybersecurity incident.

The findings come from a report released by EEF, surveying almost 170 manufacturers across the UK.

According to EEF chief executive officer Stephen Phipson, a comprehensive approach to cybersecurity is not something that manufacturers can afford to ignore, given the sector is now the third most targeted for attack, behind only government systems and finance.

Despite this, Phipson says manufacturing is one of the least protected sectors against cybercrime.

“The 4th Industrial Revolution represents an unprecedented opportunity through interconnectivity. But that very openness brings with it increased risk. Cyber-vulnerability is a major barrier to business and growth; threatening loss of data, theft of capital and intellectual property, disruption to business, and impact on trading reputation,” Phipson says.

“Manufacturers must urgently take appropriate steps to protect themselves. Our sector is already a significant target for malicious activity in cyberspace, which impacts businesses in a variety of ways. Increasing digitisation means that the challenge is likely to both broaden and deepen.”

Some of the key findings from the report include:

  • 48 percent of manufacturers have at some time been subject to a cybersecurity incident, half of whom suffered some financial loss or disruption to business as a result
  • 12 percent have no technical or managerial measures in place to either assess or mitigate against the threat from cyberattack
  • 41 percent do not believe they have sufficient information and advice to confidently assess their specific cyber-security risk
  • 45 percent are not confident that they have the right tools, processes and technologies to mitigate cyber-security risk
  • 59 percent have already been asked by a customer and 58 percent have been asked by a business within their supply chain to demonstrate or guarantee the robustness of their cybersecurity processes - 37 percent couldn’t do this if asked today

EEF welcomes the steps the government is taking to improve national cybersecurity, but is concerned that to date it has been a ‘one-size-fits-all’ model with no priority given to the specific needs of manufacturing.

Digital Guardian director of cybersecurity Tim Bandos says manufacturing companies are one of the most popular targets for cybercriminals because of the sheer amount of classified information they hold.

“Increases in cyber attacks targeting manufacturing can be attributed to a growing number of financially motivated, state-sponsored hackers. Typically, government-funded organisations target manufacturers' networks to steal intellectual property (IP) and trade secrets. Data or more specifically intellectual property is the lifeblood of this industry and it must be protected accordingly,” says Bandos.

“It’s recommended that organisations take a KPI (Key Performance Indicator) perspective to cybersecurity, by setting goals and metrics to improve security stature. A key benefit of this is the ability to develop a heat map of sorts, to outline where they should be focusing their efforts and/or where they should continue to invest in protecting their most sensitive assets.”

Exabeam VP of products Sylvain Gil says there is a serious issue with industrial systems in that many of them are old (ten to twenty years old in some cases) and there is not necessarily a practical way to upgrade them due to the criticality of their availability.

“Industrial networks were designed before cyber threats emerged and as a result, they lack the visibility and policy enforcement layers that enterprise IT networks have. We need more insight into the behaviours of these systems,” says Gil.

“They are rudimentary and were never thought to be vulnerable to people outside the operating facility – but they certainly are. We’ve seen enough examples that we know they can be manipulated, not just in terms of being used for cybercrime, but they can actually have physical consequences, as well, like a shutdown or explosion.”
