2017 was the year of the cybercrime pandemic which cost businesses around the world a staggering $600 billion, accounting for 0.8 percent of global GDP. An increase of the use of connected devices has allowed for massive inroads to be made in terms of productivity, there is an issue however; more connected devices means that there is a larger space in which companies could be attacked. Kaspersky produced a report and found that in 2017 more than one third of all cyber-attacks were committed against manufacturers.
Nowadays, staff have access to a computer, a laptop, a smartphone, a tablet and many more devices. The problem with workforces having all of these devices is that they are usually all integrated and coincide with one another so there are many ways attackers can enter the mainframe.
Why is it that manufacturers are being targeted so intensively by cyber criminals? Manufacturers actually tend to offer attackers a lot in the way of valuable material — from details of currently ongoing projects, which if stolen, could be replicated and sold, to information regarding trading partners. However, in recent years, these crimes could often be carried out by terror groups, who are seeking to steal blue prints, or similarly details that could go onto disrupt or destroy the production process.
Bronze Butler, (as they are commonly known in eastern Asia), are a group who, for the past decade, have been attempting to infiltrate a host of manufacturing companies in Japan via their cyber infrastructure. The group, who are known as Tick, have been conducting efforts to steal crucial, confidential data from the Japanese firms, alongside hacking their IP addresses.
Although Japan has experienced a multitude of issues in regard to cyberattacks, they aren’t alone — Europe, similarly, has fell victim to a host of challenges by criminals. In 2014, a group of hackers successfully entered the computer mainframe of a German Steel Mill, controlling the settings of a blast furnace within the plant, eventually causing serious damage.
Although manufacturing companies have began to invest significant capital in the fight against cyber-crime, in relation to other industries, they are still massively lagging behind, and if they are to fight off future attacks, they must be more vigilant.
Here, with Kerridge Commercial Systems, who provide ERP systems, we take a look at the measures you must assess.
When it comes to ensuring your connected devices are actually protected from attack, there are two main things you should consider:
It may seem fairly self-explanatory, but, if you’re going to be able to put a genuine fight against cyber attackers, then you need to put yourself in their shoes. The tricky aspect of battling against those who are committing cyber-crime, is the fact you will never see them; however, you do have the upper hand. All they have access to is what you have — and nothing more.
Start of by collating a list of all the potential entry points. Every single device, from a television to CCTV, from a smartphone to the office party designated Wii can be considered a way of hackers getting in. Despite the fact you may see little harm in the likes of these devices, those that are committing these crimes are experienced in their field. Take for example a major casino getting brought down by hackers who managed to get access via fish tank which was connected.
We suggest creating an inventory of all your devices, not just the ones which you presume to be a danger, but all of them. Obviously, you can manually count the devices, however, there are innovative technologies such as network profiling, which significantly reduce the time you need to devote to examining all your devices.
Alongside analysing the number of devices which are connected to the network, it is also worth monitoring activity. General spikes in usages, or differing behaviours can indicate that a cyber attack is imminent, however, for this to be accurate, every time you introduce a new device, it is crucial you update the baseline — otherwise it will be virtually impossible to track.
Once you have considered the visible nature of the devices, then you must focus on the general control in place. This includes the internal security practices involved, the network in itself, and the security capabilities of the devices. The main areas worth attention are:
- Asses your security regularly – Carry out security assessments of your devices on a regular basis
- Current — We might be guilty of ignoring the regular updates that our devices suggest, but, they are they for a reason. Both operating systems and software need to be updated on a regular basis to dispose of any bugs or potential hacks.
- Anti-virus — Establish a firewall and, similarly, proxy devices to protect your devices from potential vulnerabilities. Simple, yet effective!
- Damage limitation — By using VLANs and ACLs, your business can prevent the amount of damage that a potential breach can cause. Segmenting your business’ network, through separate virtual local area networks and subnets with access control lists, limits the access which can be gained during an attack.
- Personalise — Despite what may seem like a given, be sure to change the passwords from the default settings. Getting hacked is bad enough, without it occurring thanks to sheer negligence.
The number of internet enabled devices in the world is exponentially growing. In 2015 there were 15 billion. By the end of 2018, that figure had risen to 23 billion, and by 2025, the previous figure is expected to triple, meaning there will exist 75 billion devices capable of accessing the internet in less than six years. As the Internet of Things continues to grow at this alarming rate, manufacturing companies need to take heed, and quash the potential threats that they are undoubtedly exposed to.