Cybersecurity: the most important threats manufacturers must deal with before it’s too lateMarjorie
According to the sixth edition of DOMO´s report over 2.5 quintillion bytes of data are created every single day which means that by a minute more than 46.000 pictures are uploaded on Instagram or almost 70.000 hours of Netflix videos are streamed. Safely propagated data is crucial, making cybersecurity nowadays more important than ever.
Evoking Cybersecurity threats always brings to mind major breaches like the one suffered by more than 80 million Facebook users in 2018 because of Cambridge Analytics survey app. Nevertheless, 60% of all cyber-attacks or breaches in 2016 were aimed at SMEs according to the Symantec Internet Security Threat Report & US Securities and Exchange Commission. Every person but especially companies are under the cybernetic threats and the mistake, most of the time, is human. As reported by CybSafe’s analysis of data from the UK Information Commissioner’s Office (ICO) 90% of cyber data breaches in 2019 are caused by human error.
The international company dedicated to computing security, Kaspery defines cybersecurity as the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. A way for individual users or companies to be protected against unauthorized access to data locations or other digital systems. More than one in two businesses (62%) have experienced phishing and social engineering attacks in 2018, and also, somewhere in the world there is a hacker attack every 39 seconds but despite the obvious facts, only 5% of companies’ folders are properly protected, on average. In the specific case, the manufacturing sector is the third most likely sector to experience a data breach, after financial services and insurance. Although there’s acknowledgement of this trend, it is among the least protected, according to the manufacturers’ organization Make UK, and the most exposed regarding financial and manufacturing services (21%).
The data cannot be clearer, it is more crucial than ever to focus on manufacturing security matters, not only for its importance in the value chain, but also because of its impact on emerging technologies. A trend confirmed by the chief of information security officer at the law firm Irwin Mitchell, Graham Thomson:
“Moreover, since Industry 4.0 makes manufacturing more embedded to machines, the internet and other companies, this high level of digital adoption will increase exposure to cyber-attacks.” (The manufacturing Global)
Understanding and identifying the threats It is an absolute necessity for SMEs to develop awareness in Cyber-security meaning that the types of threats have to be known to avoid the release of private or confidential information to an untrusted user or system commonly called data breach. There are two main weakness that can lead to stealing data: technological and, as already mentioned before, human behaviour. The last one is not a surprise when you know the top five passwords used by people in 2020.
There are of course other ways for hackers to reach a company’s sensitive information by exploiting system vulnerabilities, when software’s are not updated or by using a malware downloaded from a compromised web page or an email. A malware, derived from the combination of the words ‘’malicious software’’, is a software designed intentionally to cause damage to a computer, server, client, or computer network. According to McAfee, several methods of attacks exist:
“They include email attachments, malicious advertisements on popular sites (malvertising), fake software installations, infected USB drives, infected apps, phishing emails and even text messages”
- The computer security software company describes eight types of Malware:
- The virus that infects the computer once the victim opens it via an attachment in an email generally.
- The ransomware encrypts the victim files to request money or bitcoin in exchange for decryption. The scareware traps his victim by letting think his device is infected by a virus and that they must download an app.
- The worms copy themselves from machine to machine using a software weakness.
- The spyware captures and transmits personal information or Internet browsing habits and details by installing a program on the device.
- The Trojans steal the information of the victims via a downloaded app or used one.
- The Adware attacks via actions done on unwanted advertisements.
- The Fileless Malware enters a legitimate program to infect the device.
Among those different types of direct or indirect manipulation, there is a particular technique called Phishing which is the most common way for cyberattackers to get into networks via email. This social engineering methodology is the number one delivery vehicle for ransomware. It is called Vishing when the manipulation is done by telephone. Another technique which implicates the action of a person is called impersonation or identity theft is the deliberate use of someone else’s identity, to obtain information or access to a person, company, or computer system.
Cyber-security, the top priority for SMEs to avoid cost challenges
The cost of a cybersecurity breach in 2020 according to ENISA (European Union Agency for Cybersecurity) is not the same for large companies as for SMEs. Organizations with more than 25.000 employees would only have to pay €173 per employee. In contrast, for small companies (500-1.000 employees) the average cost is around €3.000 per employee which represents a total cost of €2,24 million for small businesses. The cost challenges are obviously important and can have serious consequences for an SME. The limited budget also reduced the possibility to hire experts and small security teams could sometimes suffer from a lack of experience.
In Europe, the Cybersecurity Act (Regulation (EU) 2019/881) is the political and economic union’s first consolidated cybersecurity certification framework to establish information and communication technology (ICT) product security certification standards for the entire European Union (EU). According to this Act, cybersecurity certification will be voluntary unless it is legally specified otherwise. Companies can submit a self-certification statement of conformity for recognition of their products in all EU member countries. Cybersecurity certifications of products offered in one country will be valid across the whole EU. In addition, to help SMEs to face the challenges of cybersecurity, SMESEC, the European consortium, proposes to develop a cost-effective suite of cyber-security tools. The main objectives of the project are to enable SMEs to have high-quality cybersecurity solutions but also allow SMEs to receive training. ENISA also propose an SME Cloud Security Tool “to rate the risks and opportunities and to generate a list of security questions to understand the main features of the cloud service under deployment”.
The recent years have shown that SMEs, specifically the manufacturing sector needed to adopt digital transformation in order to stay operative. Challenges are never over, and the enterprises that are one of the main drivers for innovation and growth in Europe also must be attentive to other threats that could shut down their production. Cyber-security should be a daily priority and SMEs won’t be considered any more like an ideal target. Want to stay updated on the latest security news and trends?
Subscribe to our quarterly newsletter https://i4ms.eu/
Marjorie Grassler, In-house consultant at Mobile World Capital Barcelona
Angelos Streklas, EU Projects Technical Writer at Mobile World Capital Barcelona #security #robotics #manufacturing