Manufacturing is undergoing rapid digitisation, making it a primary target for cybercriminals. With the increasing complexity of interconnected systems and legacy equipment, the cyber security in manufacturing industry has become a pressing concern. In this discussion, David Atkinson, UK Head of Manufacturing SME & Mid Corporates at Lloyds, and Giles Taylor, Head of Resilience and Cyber Security, delve into the threats and strategies to combat them.
Cyber Risk Management Strategies for Manufacturers
David Atkinson: "Why are manufacturers such a target for cybercriminals?" Giles Taylor: "Manufacturers are digitising their operations. All kinds of machinery now have sensors to help optimise production, which are all potential points of entry for hackers. Many manufacturers also have legacy equipment, with software that is no longer getting the latest security updates."
Understanding Ransomware in Manufacturing
David Atkinson: "So, who are committing these cyberattacks and why?" Giles Taylor: "At the highest level, nation-states are engaged in cyber espionage. Then there are organised criminal gangs, and ransomware is their primary tool."
David Atkinson: "And what options do firms have in situations like these?" Giles Taylor: "If you have cyber insurance, your insurer will support your recovery. If not, then you will need legal, PR, and cyber incident response teams to help recover your business. You may also report the attack to your bank, to see how it can support additional demands on finance."
David Atkinson: "And what are the implications if your data and systems are exploited?" Giles Taylor: "That depends. If your IT/office systems or manufacturing systems are attacked, you may not be able to continue business and you can be exposed to further criminal acts. Any downtime can mean you breach your contractual obligations, and there can be regulatory fines too.
"Insurance can help mitigate some of this risk, but any payout will only get you back to where you were before the attack. You’ll then need to invest to improve your defences, or you will remain vulnerable."
The Role of Industrial Cybersecurity in Safeguarding Systems
David Atkinson: "How does the Cyber Resilience Act play into this?" Giles Taylor: "It obliges you to ensure that your products are cyber secure. If you produce electronic devices, for example, that could mean providing security updates for years to come."
David Atkinson: "So, what should your strategy be in the face of this cyber threat?" Giles Taylor: "It’s all about risk management; you can’t turn your organisation into an impenetrable fortress.
"That starts with identifying your most important business assets and focusing to protect these. If that is your intellectual property, then make sure that is encrypted with strong access controls. But if your priority is to make sure production continues uninterrupted, then offline backups to restore systems quickly will be more important."
"As a management team, you need to have a robust response plan. It should include the financial aspects, including working capital and cash flow, as well as operational, reputational and legal, and consider if cyber insurance would be beneficial.
Cyber security in manufacturing industry requires proactive measures. Lloyds has created a free Cyber Risk Guidance document that lays out the safeguarding steps in a very practical way."
Conclusion
As manufacturing digitisation continues to evolve, so does the threat landscape. The cyber security in manufacturing industry hinges on a combination of robust cyber risk management strategies, protection from ransomware in manufacturing, and strengthened industrial cybersecurity measures. By adopting these strategies, manufacturers can mitigate risks and ensure a secure and resilient future.
