Fighting the hidden enemy: how can your organisation combat cybercrime?

Cybercrime has become a major buzzword in recent months. Anyone keeping half an eye on the news will be familiar with phrases such as ‘Hillary’s emails’ and ‘Beckham’s knighthood’. The issue, however, is not restricted to those at the very top. Businesses of all shapes and sizes are finding themselves faced with the growing threat posed by cyberattacks, and the manufacturing industry is no exception.

Why is manufacturing a prime target?

No organisation is immune to cybercrime, but those in the manufacturing industry are particularly vulnerable. Two factors play a part in this. On the one hand, cybercriminals are attracted to the wealth of intellectual property and sensitive data possessed by manufacturing firms. The 2016 Manufacturing Report suggests that attacks on the sector costs the United States alone billions of dollars each year in lost intellectual property.

These attacks can come from both within and outside of an organisation. Internally, breaches occur most frequently when an employee shares confidential information out of spite or for financial gain, while competitors looking to undercut a rival by uncovering its secret designs, patents and industrial processes most commonly launch external attacks. This double-edged sword makes it twice as hard for manufacturers to insulate themselves from the threats of cybercrime.

But while it can be seen as an unfortunate victim, the industry appears to be doing little to improve its situation. Findings from EEF, Britain’s leading manufacturing employers’ organisation, support this. Although two-thirds of manufacturing executives cited cyberattacks as a major concern, only half of Britain’s manufacturers increased their cybersecurity investments in 2016 - this number decreases to 44 percent when we include only SMEs.

More alarmingly, a mere eight percent of manufacturers reported full confidence that their cyber protections would prevent an attack. Whether it takes the form of sophisticated espionage or smash-and-grab hacking, this sluggish approach is making the manufacturing industry a sitting duck for opportunistic cybercriminals.

How can cyberattacks be prevented?

A fine balancing act is clearly required from manufacturers. While remaining constantly vigilant, the sector must take a far more proactive approach towards cybersecurity.

Organisational planning is key here. Senior management teams within manufacturing firms must work with their IT departments to develop a holistic cyber risk strategy based on around-the-clock surveillance along with a comprehensive risk register with appropriate controls being identified. Complemented with increased investment in protective software and talent acquisition, this approach should be seen as the first port of call for an organisation looking to develop its cybersecurity strategy.

How can staff help to keep cybercriminals at bay?

Administrative frameworks, however, can achieve only so much. When it comes to improving cybersecurity, employees also have a vital role to play.

Again, there are two sides to this coin. One concerns the human vulnerabilities associated with cybercrime. As efficient as a firm’s cyber strategy might be, one simple mistake from an employee can render these defences futile.

For example, by responding to a seemingly legitimate phishing email, or by falling for a convincing scam phone call, workers can provide hackers with all the information needed to access an organisation’s internal systems. Once inside, it takes little for hackers to steal whatever information they need, safe in the knowledge that the server believes their actions to have been carried out by a trusted staff member. By making employees aware of these threats, educating them on how they can be avoided, and developing a procedure which allows employees to report mistakes before they inflict lasting damage, manufacturers can go a long way in strengthening their cyber defences.

At the same time, any internal threats must be treated with this same level of vigilance. As a significant number of cyberattacks reported by organisations are actually carried out from within the company, it is not unreasonable to claim that many of these breaches could have been avoided, had employees been able to recognise that their colleague was stealing valuable information. Again using education as a resource, firms can promote a culture of self-regulation which allows rogue workers to be identified and reported before their efforts are successful. Of course, technology such as Data Leak Prevention solutions can provide extra eyes – but the human factor is critical. Effectively managed, this would go a long way in bolstering a company’s cybersecurity, reducing the strain on its defences and ensuring that its cyber strategy can focus on unavoidable threats.

By Robert Rutherford, CEO of IT consultancy QuoStar

Follow @ManufacturingGL and @NellWalkerMG