One in five staff in the manufacturing industry say they have been involved in a security breach or loss of sensitive business data, according to a survey by Impero Software, a provider of software solutions to help people connect safely online.

In the survey, 400 manufacturing employees were asked about their cybersecurity behaviours and experiences. The results showed:

• 28% of respondents said they felt they lacked the confidence to recognise and report cybersecurity threats at work
• 30% want their employers to improve the quality of cybersecurity training
• 40% would consider resigning if their company was involved in a major security incident.

Sam Heiney, VP of Product, Impero, shares his thoughts on prioritising cyber security.

Hi Sam! What is your advice to any manufacturing business hit by a cyber-attack? What should their first step be?

“As the recent cyberattack on Toyota revealed, it’s important to respond quickly and thoroughly. IBM Security’s report last month showed manufacturing was the most-attacked industry in 2021. Attackers targeting manufacturing companies now look for weaknesses in supply chains and third-party vendors. Toyota felt the impact of attacks on DENSO and Bridgestone Americas last month, which added to the weight of the attack on Toyota itself. A key first step should be to check where potential vulnerabilities have been exploited and take action to address them. You can claim to have the best cybersecurity technology in place and strong levels of staff awareness, but if your supply chain and vendors partners’ processes are not up to scratch, your organisation is still exposed to risk”.

Is cyber-attack prevention better than a cure?

“It’s often better to think about threat reduction and remediation, rather than prevention. Focus on keeping the most critical areas of the business under strict protection, while understanding that blocking every incursion is not feasible. You can’t save every partner in your ecosystem from attack, for example, but you can set and enforce strict guidelines for vendor cybersecurity in an attempt to reduce the impact of an attack”.

Do you think the next pandemic will be a cyber one?

“Cyber threats are always evolving and advancing, but defences always find a way to keep up. There is good reason to believe that a cyber pandemic can be avoided. As long as organisations continue to make cybersecurity a top priority, invest in the training and tools their teams need, and address the potential vulnerabilities of strategic partners, cyber threats can be kept under control. There are simple ways to do this, like keeping technology updated, patching, and enforcing clear policies for using different devices to access, manage and share company data. The issue at this point is more about prioritising cybersecurity and ensuring it is firmly placed on the boardroom agenda”.