October 2017

Why SME manufacturers should be worried about cyber security

Nigel Mackie, Head of Cyber Security Business Development, recorded a podcast with the EEF’s Martin Strutt to discuss why SME manufacturers should be worried about cyber security. In the podcast, Nigel mentioned ‘vectors of security’, which are ways your electronic systems can be attacked – in other words, your business’ cyber vulnerabilities.

Threat vectors can vary widely in terms of purpose and the attacker. Here are just a few examples:

In fact, Nigel gave an alarming example, saying, “Cyber warfare sounds a little bit Hollywood, but 20 nations have openly declared they are building offensive cyber capability. That means they will be essentially using hacking to exploit vulnerabilities in critical national infrastructure and industrial control systems and then exploit them in the future. For example, when Russia attacked the Ukraine, they switched the power off in something called BlackEnergy. So this is the future we face.”

And it isn’t just large companies, utilities or governments that should be worried about cyber security when it comes to the warfare of the future. This threat can affect even those lower down on the supply chain.

Nigel explains, “If an SME that made bolts was attacked and their CAD drawings were changed. Then those bolts are supplied into a military aircraft and the attacker knew exactly what tolerances could be affected on those bolts to Cause the aircraft windscreen to popout at a particular speed and altitude. That’s what could happen.”

Steps to becoming digitally secure

Nigel explains that 80% of cyber security can be taken care of with simple best practices, such as ensuring passwords are changed regularly, aren’t written down and aren’t easy to guess. Customer information should be stored on two servers rather than just the web server and all stored data should be encrypted. He also says when MASS visits companies, most have many more digital ‘assets’ than they realise. This can include having subcontractors that have access to sub-systems, they have installed unbeknownst to most people at the company.

In terms of training, Nigel recommends running a disaster recovery workshop to ensure the issues have been thought through and the organisation knows what to do in the event of a cyber attack. Many do this for fire and floods but a cyber attack is far more likely and you will be surprised just how many issues these workshops raise for half a day of senior team effort, a good workshop will give you the plan as an output.


The business case for security

For some companies, cyber security has not been a priority, but this is increasingly a business critical issue. Here are just a few of the ways cyber security impacts the bottom line:

To listen to Martin and Nigel discuss cyber security in UK manufacturing in their podcast, click here.

Cyber security