In 2017, the cyber-crime pandemic which had engulfed the world with its deadly wrath, cost businesses around the world a whopping $600 billion, accounting for approximately 0.8 percent of global GDP. In regard to industry, technologic innovation, particularly that of the increased use of connected devices has allowed for massive inroads to be made in terms of productivity. The issue, however, is the fact these devices have created a larger space to which companies could be attacked. A report conducted by Kaspersky Lab in 2017 discovered than in the first six months of 2017, more than one-third of all cyberattacks were committed against manufacturers.
Back in the early ‘90s, companies may have had a handful of computers, all running off dial-up, wired internet. Now, almost three decades on, we are faced with a situation where most members of staff will have access to a computer, a laptop, a smartphone, and a tablet, plus much more. Despite this variety of products, which all work in coincidence with one another, aiding efficiency and performance, they all provide another possible avenue for cyber attackers to enter the mainframe through.
Why is it that manufacturers are being targeted so intensively by cybercriminals? Manufacturers actually tend to offer attackers a lot in the way of valuable material — from details of currently ongoing projects, which if stolen, could be replicated and sold, to information regarding trading partners. However, in recent years, these crimes could often be carried out by terror groups, who are seeking to steal blueprints, or similarly details that could go onto disrupt or destroy the production process.
Bronze Butler, (as they are commonly known in eastern Asia), are a group who, for the past decade, have been attempting to infiltrate a host of manufacturing companies in Japan via their cyberinfrastructure. The group, who are known as Tick, have been conducting efforts to steal crucial, confidential data from the Japanese firms, alongside hacking their IP addresses.
Although Japan has experienced a multitude of issues in regard to cyberattacks, they aren’t alone — Europe, similarly, has fell victim to a host of challenges by criminals. In 2014, a group of hackers successfully entered the computer mainframe of a German Steel Mill, controlling the settings of a blast furnace within the plant, eventually causing serious damage.
Although manufacturing companies have begun to invest significant capital in the fight against cyber-crime, in relation to other industries, they are still massively lagging behind, and if they are to fight off future attacks, they must be more vigilant.
Here, with Kerridge Commercial Systems, who provide stock control systems, we take a look at the measures you must assess.
When it comes to ensuring your connected devices are actually protected from attack, there are two main things you should consider:
It may seem fairly self-explanatory, but, if you’re going to be able to put a genuine fight against cyber attackers, then you need to put yourself in their shoes. The tricky aspect of battling against those who are committing cyber-crime is the fact you will never see them; however, you do have the upper hand. All they have access to is what you have — and nothing more.
Start off by collating a list of all the potential entry points. Every single device, from television to CCTV, from a smartphone to the office party designated Wii can be considered a way of hackers getting in. Despite the fact, you may see little harm in the likes of these devices, those that are committing these crimes are experienced in their field. Take for example a major casino getting brought down by hackers who managed to get access via fish tank which was connected.
We suggest creating an inventory of all your devices, not just the ones which you presume to be a danger, but all of them. Obviously, you can manually count the devices, however, there are innovative technologies such as network profiling, which significantly reduce the time you need to devote to examining all your devices.
Alongside analyzing the number of devices that are connected to the network, it is also worth monitoring activity. General spikes in usages or differing behaviors can indicate that a cyber attack is imminent, however, for this to be accurate, every time you introduce a new device, it is crucial you update the baseline — otherwise, it will be virtually impossible to track.
Once you have considered the visible nature of the devices, then you must focus on the general control in place. This includes the internal security practices involved, the network in itself, and the security capabilities of the devices. The main areas worth attention are:
- Asses your security regularly – Carry out security assessments of your devices on a regular basis
- Current — We might be guilty of ignoring the regular updates that our devices suggest, but, they are they for a reason. Both operating systems and software need to be updated on a regular basis to dispose of any bugs or potential hacks.
- Anti-virus — Establish a firewall and, similarly, proxy devices to protect your devices from potential vulnerabilities. Simple, yet effective!
- Damage limitation — By using VLANs and ACLs, your business can prevent the amount of damage that a potential breach can cause. Segmenting your business’ network, through separate virtual local area networks and subnets with access control lists limit the access which can be gained during an attack.
- Personalize — Despite what may seem like a given, be sure to change the passwords from the default settings. Getting hacked is bad enough, without it occurring thanks to sheer negligence.
The number of internet-enabled devices in the world is exponentially growing. In 2015 there were 15 billion. By the end of 2018, that figure had risen to 23 billion, and by 2025, the previous figure is expected to triple, meaning there will exist 75 billion devices capable of accessing the internet in less than six years. As the Internet of Things continues to grow at this alarming rate, manufacturing companies need to take heed and quash the potential threats that they are undoubtedly exposed to.
More businesses are beginning to discuss the importance of digitalizing across their company — in a bit to appeal to the best caliber of candidates in the country. There are many companies that offer unlimited holidays, shorter working hours and the opportunity to work from home. But are these beneficial for the business?