A major attack on web-enabled infrastructure is a case of “when, not if” according to the head of the National Cyber Security Centre, Ciaran Martin. Indeed, Martin believes the UK is lucky to have gone this far unscathed. Yet it seems many businesses are taking insufficient steps to mitigate this risk and suffering the consequences — especially in the manufacturing industry.
In 2017, studies found that nearly one in five organisations aren’t prepared for cyber hacks. Manufacturing in particular can be a prime target for cyber-criminals who focus on acquiring sensitive data or disrupting access to systems and operational technology. Hackers can directly impact a factory’s production by holding it for ransom, where the options are to either pay up to get the production line running again or risk losing money.
Last month, EEF revealed the UK has already suffered stealth attacks on more than 80 manufacturing plants, and 48% of manufacturers have experienced a cyber security incident. But as more machines are wired to the Internet of Things (IoT) and data-driven factories become common, better defences are vital to safely reap the rewards of Industry 4.0.
So what exactly should manufacturers be doing to better protect themselves from such attacks?
Understanding the IoT threat
It’s important to start by noting that rising IoT adoption is positive for the industry. By connecting each aspect of operations — from autonomous machines on the factory floor to human teams overseeing performance optimisation and maintenance — firms can enhance efficiency and productivity. For instance, by analysing data from connected tools, systems and employees, companies can gain complete visibility of organisational activity and improve multiple areas, such as quickly fixing faults and re-distributing assets to avoid potential bottlenecks. So, it’s little wonder 91% of senior industrial executives think data from connected things will help reduce expenditure, with the IoT expected to provide a £27.1 billion boost for UK manufacturing by 2020.
Yet greater connectivity does come with one key proviso: to realise its benefits, businesses need robust security. Without adequate measures to protect every device in a network, vulnerable links in the chain may be discovered by hackers and used to infiltrate systems. This means that not only could equipment be at risk — research by Politecnico di Milano highlights it is possible to hack and reverse-engineer software controlling smart tools — but so might sensitive data transmitted using weak encryption. To safeguard their businesses, it’s therefore crucial manufacturers deploy stringent network-wide defences.
Three steps to greater security
With varied connected technologies used by manufacturers in myriad verticals, there is no panacea for all IoT threats. By far the best approach is a multi-faceted, ongoing commitment to managing internal security. There are three central steps companies should follow:
1. Don’t skip updates
Although it sounds obvious, ensuring network and software systems are regularly updated is a core element of effective cyber security. Indeed, use of outdated software was cited as a prominent concern for IoT manufacturing tech in the Politecnico di Milano report. The issue is that, as with PCs, failing to install updates — such as patches for operating systems — leaves IoT tools open to attacks by hackers exploiting known weaknesses in older versions of software. This makes it paramount to constantly monitor and install updates for all systems, as well as continually testing and reinforcing the power of the firewall.
2. Employ strict permissions
Passwords are not enough to protect IoT networks. Not only are they frequently forgotten and simple to hack, but they can also be stolen and held to ransom by cyber criminals. Instead, businesses should be increasing their reliance on approaches that can give access to select individuals, using biometrics-based permissions. Using factors that don’t change as individuals age — fingerprints, vein patterns, retina scans — this method relies on details that are difficult to fake, but relatively easy for employees to present as proof of identity, which makes it secure and efficient.
3. Take stock and make a plan
At present, 41% of UK manufacturers don’t feel they have enough information to confidently assess the specific risk of a cyber attack, which means they are unlikely to possess the insight needed to develop an effective response plan for if — or when — a hacker comes to call. Both of these shortcomings are serious gaps that businesses must work to plug, quickly. It is paramount for manufacturers to create a comprehensive map of IoT networks that covers every device and all data flows. Only then can they pinpoint potential weak spots and build strategies for shoring up defences and minimising the impact of attacks.
Most manufacturers know that to keep IoT-fuelled technology secure, it’s also necessary to implement intelligent defensive tools: that’s why more than 90% of manufacturers say they are already investing in digital tech. But it’s also imperative to remember that the surest defence is to cover multiple bases: not just implementing and updating software, but also vigilantly watching threats, utilising sophisticated authentication, and keeping track of each connected tool. After all, to master an ever-evolving area such as the IoT, a versatile security strategy is key.