CISOs / Manufacturing cyber security – the Brexit lookout
Manufacturing cyber security – the Brexit lookout
18 March 2019
With the Brexit uncertainty and major bumps in the road ahead, how can manufacturers ensure cyber security doesn’t worsen the headache? Adam Vincent, CEO, ThreatConnect, offers some advice.
With weeks to go, Brexit is still as clear as mud. We’re all aware of the potential economic impacts, but it goes deeper than that. Cyber security could also be affected by a disorderly exit, as the UK’s information exchange with partners around the world undergoes change.
As the world goes digital, British industry is at the mercy of cyber-attackers – when considering the economic health of the country, cyber security should be top of mind.
As an example, Britain’s manufacturers have become much less confident about the prospects for the UK economy as a result of Brexit uncertainty and fears over cyber security. Worryingly, there has been a declining trajectory of manufacturing output, which fell for a fifth straight month in November of 2018. The last time that occurred was the 2008-09 recession. 2019 has seen the departure of multiple large players in the automotive space, as well as moves EU-wards by big employers like Dyson.
There are some major bumps in the road ahead. Manufacturers have a lot on their plate. How can they ensure cyber security doesn’t worsen the headache?
Also of interest: Does Brexit make GDPR irrelevant?
The security challenge
At the same time, with the rise of increasingly, complex cyber threats, Britain’s manufacturing industry faces a serious challenge. Manufacturing is often targeted by both opportunist and targeted hackers, looking for an easy target or a specific set of intellectual property. In 2018, it was reported that nearly half of UK manufacturers were hit by a cyber security incident.
Digital transformation is increasingly visible on the factory floor, and IP-connected robots, sensors and process management systems are increasingly replacing manned and manual workflows. That means that the average facility now has countless more potential access points for cyber attacks – and a successful breach could halt production in its tracks for many hours, causing serious financial and reputational damage.
Nevertheless, across the manufacturing sector, awareness of the cyber security challenge and the implementation of appropriate preventive measures are “highly varied”. As such, manufacturers need to ensure that their cyber security capabilities are not just an afterthought.
But with Brexit set to reduce the speed and smoothness of information-sharing between Britain and the EU, there’s a question mark over how much manufacturers will be able to rely on government support going forward.
We’re firm believers in an ‘all for one, one for all’ approach towards cyber security. In the face of political uncertainty, we need to see an increase in intelligence-sharing between businesses so they can collectively combat the common cyber-enemy.
Also of interest: How to break into Penetration Testing – an expert’s guide
It’s hard to know what to prepare for in the maelstrom of Brexit back-and-forth. In that context, it’s easy to focus on the problems right in front of you – import/export tariffs, the brain drain – and let cyber security slip down the to-do list. That’s understandable, but it’s also dangerous.
Cyber attackers are no respecters of politics or borders – organisations need to ensure they have a clear understanding of how their security will be impacted by Brexit and what they can do to prepare.
The key question here is – how much of their defence is informed by information flows that could be impacted by Brexit?
The UK’s current data sharing apparatus is governed by EU agreements – for instance, the US-EU Privacy Shield arrangement currently dictates the manner in which the UK handles personally identifiable data with the USA. In the same way, sensitive security information is currently shared under existing frameworks of co-operation, which could well change depending on the specifics of Britain’s exit from the EU.
All of that means that manufacturers need to be sure their defences will remain up-to-date post-Brexit – it may seem like a distant risk at this point, but cyber security is always urgent in hindsight. Better to pay attention now than wish you had further down the line.
Also of interest: What can the cyber world learn from the medical industry?
Work with others
With that in mind, and with the future state of governmental information sharing currently uncertain, manufacturers need to take matters into their own hands and build collaborative networks with their peers in the industry.
By sharing pertinent security information with others in their space, companies can increase the chances of a successful defence. When one company comes under attack, it can share details of the exploit to allow its peers to benefit from the experience.
This might go against common behaviour between competitors, but think of it as ‘the enemy of my enemy is my friend’ – the industry as a whole will benefit if common attacks are met with a strong defence across the board.
It’s also extremely helpful to have one centralised system in place to enable companies to maintain their defences particularly in the transitional post-Brexit period. An intelligence-driven security operations platform can bring together all the security systems in a company network under a single point of management, automating routine tasks and creating playbooks for quick response to common attacks.
When paired with an effective security information-sharing network, a security operations platform driven by intelligence can take the manual weight off security teams, freeing them up to focus on driving value for the business.
The next few months are going to be challenging for the manufacturing industry – there’s little doubt about that. But cyber attacks needn’t add insult to injury if businesses prepare in the right way. With comprehensive information-sharing and process automation in place, manufacturers can rest assured that their valuable IP and production lines are still well defended.