Why UK manufacturers are underprepared to deal with the pandemic's cybersecurity fallout

10 March 2021 08:00

Manufacturers in the UK have been severely tested over the last year. The sector was one of the first to be hit by Covid-19, as overseas supply chains and markets wrestled with the pandemic, creating a knock-on effect leaving products unassembled and goods unsold. It’s also been among the hardest hit over lockdowns: factories have been forced to close or operate with a skeleton staff to provide adequate social distancing. To top it off, manufacturing is considerably less able to operate effectively through remote working than other sectors, decimating productivity.

These problems, coupled with the more recent additional difficulties created by Brexit, have been widely reported. What’s less well-known is that manufacturers have also battled a war against cybercriminals. The majority (58%) of UK manufacturing firms experienced a cyberattack in 2020, with 37% saying the conditions created by Covid-19 made the attacks possible, according to research conducted by the Ponemon Institute and commissioned by Keeper Security.

The effects have been damaging. More than half of respondents (55%) say these cybersecurity incidents resulted in the theft of sensitive information about customers, target customers or employees. Sector leaders say they fear that the theft of credit card information and company financial data may have occurred or be a likely possibility. While the deliberate actions of cybercriminals were judged to be responsible for the majority (57%) of attacks, it is equally worrying that more than a third (38%) of manufacturers believe negligent employees or contractors were the root cause of security issues.

The ill-preparedness of the digital acceleration

Covid has forced swift changes to embrace digital formats and processes for many companies, across every sector. Traditional retailers have taken their offerings online for the first time. Management meetings have been reimagined as Zoom groups. Filing cabinets, reports and paper forms have been transformed into cloud-based, collaborative documents. According to management consultancy McKinsey, 2020 saw advances of 3-4 years on average in business digital transformation journeys. Processes have not been entirely smooth though, with IT managers sometimes having to suddenly provision entire businesses with entirely new cloud processes and communications tools in the face of short lockdown deadlines.

The infancy of these processes and tools - and the lack of time allowed for planning, testing and rollout - created both real and imagined dangers, particularly for those companies who weren’t cyber-savvy to begin with.

Unfortunately, this unpreparedness has been especially prevalent in manufacturing. Two-thirds of firms (67%) admit their IT security measures aren’t fit-for-purpose and that password security is particularly weak. A significant number of remote workers (66%) are not even required to use a password manager or implement any authentication methods beyond a password. This is a particular cause for concern, given compromised and stolen passwords are the most common (49%) cause of attacks among UK manufacturers. Similarly, identity-based attacks are on the rise, with an overwhelming number (93%) of UK manufacturers believing the incidence of phishing attacks has grown in the past year.

These results - the combination of lax password security and a sharp increase in criminal attacks facilitated by credential theft - create a recipe for disaster in the sector. The UK government has estimated the current cost of cybercrime at £27bn per annum, and rising. Coupled with potential fines for GDPR infractions, and poor trading conditions overall, the cost of a single successful attack could be fatal for many UK manufacturing businesses.

The future of cybersafety relies on passwords

Fortunately, there are some simple and cost-effective steps available to help remediate the situation. Multi-factor authentication is already built into many cloud services, but it needs to be switched on. Equipping staff with a modern password management system creates an effective barrier against identity-based attacks, the most common route for cybercriminals to strike.

Good passwords are longer than most people would typically choose for themselves and possess a high degree of entropy. Passwords like ‘Miffy2020’ are trivial to crack while ‘7kjoPi0)@!i9ujiuFDD’ is not. People don’t choose passwords like this though, because they’re also impossible to remember. Luckily, technology provides the solution through password management platforms - generating and remembering sophisticated, unique passwords so the user doesn’t need to. Ideally, passwords won’t even be shared with the technology provider, operating on ‘zero trust’ principles to ensure the lowest levels of vulnerability.

The clock is ticking for UK manufacturers. If they have not yet been hit by an extremely damaging cyberattack, then all the signs suggest that this is simply a matter of time, unless they act soon. While current emergencies always seem the most pressing, preparing against future crises must be given due priority, as often the long-term effects will be the most severe.

- The author, Darren Guccione, CEO & Co-founder of Keeper Security

Back to Homepage

Back to Technology & Innovation

Related

Geomembranes Market Dynamics: Prediction for Industry’s Future Post-Pandemic

UK startups see record investment for 2021

Pallet shredder chips away at waste disposal costs for distribution firm

Pioneering technologies for integrated intralogistics