Why companies of any size should take steps to prevent cyber-attacks
Cyber-attacks are becoming more commonplace — research from the UK Government’s Cyber Security Breaches Survey 2021 found that 39 per cent of businesses reported a cyber security breach or attack in the previous twelve months. As manufacturers use Internet of Things (IoT) devices to improve connectivity, businesses should consider how they can better protect their network to protect their business from attacks. Here, Paul Holding, solutions architect at IT security consultant Ripley Solutions, explains why SMEs need to prioritise cybersecurity to better protect their facility.
Improving interconnectivity enables hackers to access a network in more creative ways. For example, hackers once stole high roller data from a North American casino by accessing the network in an unexpected way — a thermometer in a fish tank. The hackers gained entry to the casino’s IoT network using the fish tank thermometer, accessed the database and stole 10 GB of data. While this attack may seem like one in a million, manufacturers should consider how they can protect potential gaps in their network.
To realise Industry 4.0, manufacturers are investing in IoT devices that improve interconnectivity across operations. Digitalising can be a slow process, particularly for SMEs that might want to make incremental investments rather than increasing budgets to overhaul operations. While this method ensures that SMEs invest in the right equipment and processes to improve productivity in their application, they should consider how it could leave them vulnerable to attacks.
Myth busting
When large, global organisations are targeted in a sophisticated cyber-attack, the news travels fast. As a result, there is a common misconception that small firms are less at risk because they are not a worthy target. In reality, it can be easier to access information from smaller businesses — cloud security company Barracuda Networks found that small businesses are three times more likely to be targeted by cybercriminals than large businesses.
This is often because smaller businesses do not prioritise cybersecurity and leave systems vulnerable. Any oversights when implementing new technology means that businesses unintentionally create backdoors in both IT and operational technology (OT), where newer technology has Wi-Fi capabilities.
Finding vulnerabilities
While a smaller business may not seem like a worthy target, they are often an easier target. Just like manufacturers can automate their operations, hackers can automate their attacks, targeting multiple businesses to find those with less stringent technological defences. For example, as manufacturers invest in IIoT devices to optimise production and improve data collection, they will introduce more opportunities for hackers if machines are not properly protected. Much like an open window, any connectable device on the shop floor is a target for criminals, so just because a connected device doesn’t store data, it doesn’t mean it won’t need protection. However, as we saw at the casino, hackers just need an entry point and can find data from there, holding it to ransom.
Smaller businesses should also think about how humans can be the weak point in cyber security. If employees are unaware of the importance of online security, they may fall victim to less advanced attacks, such as phishing emails, using memory sticks that could be infected with malware or misplaced by an employee. The risk of human error caused data loss highlights that investing in the latest, shiny, technology is not always the solution if employees aren’t properly informed of their role in protecting the facility.
Closing these windows can be a challenge for SMEs that cannot always afford the dedicated IT departments that larger companies employ.
Building defences
The first step to securing a smaller business is inspiring cultural change. As already mentioned, human complacency is a target for less sophisticated attacks, so training for employees is the cheapest, simplest, and most effective strategy for immediately improving security. Businesses can then build a layered network defence through firewalls and strong passwords to ensure hackers are unable to see everything if they gain access to a device on the edge of the network.
SMEs that don’t have internal IT security specialists can also look for support from external sources. Ripley Solutions, for example, uses its expertise in IT and operational technology to carry out cyber security assessments to look at operations and processes, assess potential risks and offer practical recommendations.
Cyber security should never be a gamble for smaller businesses — just because the news reports stories of larger or more outrageous hacks, doesn’t mean they don’t occur elsewhere. By finding potential weaknesses from people and equipment and building defences with secure networks, manufacturers can reduce the risks and costs of an unexpected attack.
If you’re an SME that wants to improve cyber security in your facility and are interested in our managed cybersecurity services, speak to IT security consultant Ripley Solutions about a cyber security assessment and advice on how to secure your equipment network.