CYBERSECURITY
PREVENTING CYBER ATTACKS IN MANUFACTURING
Martin Wilson, detective inspector and head of student services at the NEBRC, advises on the importance of vulnerability assessments to prevent and manage cyber threats
Engineering and manufacturing businesses have been issued a warning by cyber experts at the North East Business Resilience Centre (NEBRC), a non-profit, police-led organisation. The warning comes following a trend in ransomware attacks within the supply chain of engineering and manufacturing firms.
Martin Wilson, Detective Inspector and Head of Student Services at NEBRC, warns: “We recently helped a manufacturing business that was at risk from a cyber attack, due to a compromised supply chain. This is a trend we are seeing increasingly for businesses in the industry and across all sectors, where criminals find vulnerabilities through a supplier. This can leave all businesses they operate alongside at risk, with long-lasting consequences.
“Businesses should regularly check for weaknesses and should perform additional checks should they suspect a threat within their supply chain. It’s not just employee, business and customer data at risk. There is a very real threat to business finances, whether directly from the attack or in fines and compensation payments. Attacks can also tarnish a brand’s reputation, affecting business performance for years to come.”
Preventing attacks and reducing vulnerabilities is key, and businesses should act fast if they suspect their supply chain has been compromised. One of the best ways to spot holes in your security is to conduct a vulnerability assessment. This involves scanning and reviewing business systems to search for weaknesses such as poorly maintained or configured systems, limited access controls and easy access to sensitive data. It simulates the approach a criminal would take to infiltrate your system and includes an easy-to-understand report explaining the results, including definitions of weaknesses and the associated risks, plus plans and guidance on how to fix and minimise those risks.
Commenting on a recent successful vulnerability assessment, Wilson said: “Our student ethical hackers, under the supervision of industry professionals, recently supported an organisation in the engineering and manufacturing industry. We worked collaboratively with their technology provider to undertake a vulnerability assessment of their server and a review of existing information security policies. The firm was concerned that attacks within their supply chain could reach them and so they wanted to be proactive in their response to prevent further threats.”
This assessment involved checking how the server might be attacked across the internet and looking for any weakness that might have been present on the inside of the organisation's network. It also benchmarked the company’s security policies against the internationally recognised best practices in the ISO27001 series.
Wilson added: “While undertaking the assessment, the team found numerous PORTS (connections used to exchange information) were open on the server, presenting a possible risk of ransomware attacks. The policy review suggested improvements to the data backup position, another vital defence in the fight against ransomware, as properly configured backups identify the data any organisation cannot do without and ensure that data is copied and stored elsewhere.”
“The firm then worked with its technology provider to close PORTS that didn’t need to be open and made some changes to its backup solutions, meaning in the event of an attack, the company had readily accessible backups it could revert to. These actions, combined with phishing training delivered virtually by our team, meant that the engineering firm was in a much stronger, more resilient position and is less likely to be the victim of a ransomware attack.”
Businesses and workers are often aware of password best practices, but few understand that it is often vulnerabilities that are targeted, not organisations per se. Many don’t know what to do if a compromise is suspected. Cyber security can feel daunting and expensive; however, should a threat infiltrate your business, the costs of recovery are much higher than the cost of proactivity. There’s a network of cyber resilience centres across the UK, such as the NEBRC, which are able to keep costs low for engineering firms and plug skills gaps by subsidising security assessments where possible.
For further information about cyber security for your business check out the NEBRC or find your local centre via the NCRC (National Cyber Resilience Centre) Group.
NEBRC
www.nebrcentre.co.uk nationalcrcgroup.co.uk/regional-centres/
FEBRUARY 2024 | PROCESS & CONTROL 41