Spend wisely to address cyber threats
Brian Harrison highlights the findings of a report on cost of cyber security testing for UK manufacturers.
In 2018, the UK manufacturing industry spent £2.12bn on security testing to keep digital assets and infrastructure safe from cybercriminals. Despite this 40% of all manufacturers registering a cyberattack in 2018. This must lead us to believe that the current processes are either not there, or not working. The manufacturing industry must not only consider its own assets, but their vast and complex supply chain that involves technology, third-party suppliers and distributors.
Cybersecurity a key concern for manufacturing and process facilities but, with over three-quarters of manufacturers outsourcing their cybersecurity testing according to research from AVORD, there appears to be a lack of in-house knowledge to tackle security threats.
Three-in-four (77%) manufacturing companies think that the cost of security testing is too expensive, and it can be hard to justify spending revenue on security testing. However, manufacturers could actually be spending more than they should as a result of companies performing the role of the middle man to get to the expertise of testers.
Another major problem for the manufacturing industry – unlike other consumer-focused industries where protecting personal data is essential – is understanding exactly which assets they need to protect, and how. AVORD research has found that 70% of manufacturers were unable to determine the risk associated with a data breach like this, further demonstrating this worrying gap in knowledge from the industry.
Methods used by hackers to access data have not changed drastically over the past decade, but the prize has become far greater in recent years because customer information comprises a major part of digital assets. While companies may be adding metric value to an increasing share of their data and intangible assets, the problem occurs when they do not recognise who has access to this data through their supply chain.
Large manufacturers have vast and complex supply chains that are not necessarily held to the same standard of security testing as the corporation itself. While businesses may be spending considerable sums of money on testing, volume is not synonymous with value. When failing to have these security tests as part of a supplier agreements, companies simply offer cybercriminals’ additional points of entry.
Manufacturers need to take stock of their supply chain and assess where the weak links may be. If necessary, manufacturing companies will need to ask that their suppliers undertake similar rigorous security testing, in order to protect themselves from cyberattacks by proxy. Only once thorough and regular testing processes are implemented across the whole chain can you be certain that valuable data is secure.
Brian Harrison is CEO at AVORD.>
Source: Control Engineering Europe - All Articles