How Can Electronics Manufacturers Protect Against Cyber Attack?
By Lucy Ashton
Originally posted on JJS Manufacturing Blog
As the UK electronics manufacturing industry becomes increasingly digitalised, and the flow of sensitive information between machines becomes ever more prolific, the need for heightened cybersecurity strategies has never been more crucial.
The cyber threats for manufacturers are constantly evolving – whether it’s the risk to sensitive CRM data, the disruption of operational systems, the compromising of a company’s supply chain, or the stealing of valuable intellectual property for the purposes of gaining a competitive advantage.
The penalties for the victims of a cyber attack can also be huge – with companies finding themselves subject to a GDPR fine of up to 4% of their annual global turnover.
Understanding the malware threat
Malicious software (or malware) is the term for any form of computer programme that has been created with mischievous, malicious or criminal intent.
Malware covers a broad range of threats, the most common of which include:
- Worms – standalone malware computer programmes that are designed to replicate themselves in order to spread to other computers
- Viruses – any piece of code that is capable of copying itself with the intention of corrupting a computer system and/or destroying data
- Spyware – software that is installed in a user’s computer without their knowledge with the intention of obtaining covert information and transmitting that information to a third party
- Trojan horses – a form of malware that is designed to look like legitimate software
The aim of malware is two-fold – to spread itself as widely as possible and to inflict some form of damage.
In some instances, that damage may be something relatively minor, such as displaying an unwanted message when a computer starts-up.
In more extreme cases though, malware has the power to inflict significant harm – whether it’s through the stealing of passwords, the unwanted hosting of illegal data, the transmission of spam emails, or as a means to attack other devices.
Often too, the cybersecurity breach may not be immediately obvious.
Many types of malware are specifically engineered to lie dormant before being remotely triggered at a pre-determined time – and meanwhile giving the virus more time to spread before it is detected.
Compounding the cybersecurity risk is the fact that even the most up-to-date antivirus software can often only provide limited protection, as new viruses become more adept at bypassing company security systems.
The users of Macs and mobile devices may also be surprised to learn that they are no longer immune to the malware threat. The total number of malware viruses appearing on Macs has almost tripled since Q3 2016 – and the number of malware cases detected on mobiles has almost doubled over the same period.
Simple cybersecurity strategies
One of the quickest ways for a cyber attacker to gain access to, and inflict damage on, a company’s computer system is through the hacking, phishing or leaking of company passwords.
Many weak passwords (such as simple number combinations, birthdates or postcodes) can be cracked within a matter of seconds – while leaked passwords (ie those obtained from written notes, the hacking of other accounts or phishing phone-calls/emails) are a common cause of security breaches.
When choosing a password, employees should be advised to steer clear of easily hackable data – such as dates of birth, postcodes or relatives names – which can be easily ‘guessed’ via information gained from social media accounts.
The longer the password, the stronger it will be – so ideally at least 12 characters – and it’s best to avoid the use of words that can be found in a dictionary, and to opt instead for random combinations of numbers, capital letters, lower-case letters and symbols.
Passwords should never be written down or shared – and different passwords should be used for every account. It’s also important to encourage employees to change their passwords regularly – and in the event that anyone suspects their password has been compromised, that they immediately change it (and inform the IT department).
While the benefits of digitisation and Smart Factories are significant for the electronics manufacturing services industry, the cyber risks that these new technologies bring can also be far-reaching.
Confidential data can be stolen. There is the impact of operational disruption or unplanned production downtime. And there is the threat to a company’s reputation, both in terms of its relationships with existing businesses and how it is perceived by prospective customers.
So what’s the best line of defence for electronics manufacturers?
Invest in cybersecurity measures – whether that’s training, consultancy, software and/or hardware – to keep your business safe.
And ensure every member of staff understands the crucial role that they can play in preventing a data breach.