A Marsh McLennan review found that APAC organisations are 80 per cent more likely than the global average to be the target of a cyber-attack. Many manufacturing businesses are open to cyber-attacks but are unsure of their main system weaknesses, making it hard to address vulnerabilities. Cyber security does not have a simple one size fits all solution, so understanding the specific requirements of each technology is key to protecting important business data and information.
Protecting legacy equipment
Despite rapid industrialisation and digitalisation, much of APAC manufacturing is still dependent on legacy equipment ─ not every digitalisation project involves shiny new machines. However, legacy equipment can be a target for cyber-criminals, so businesses need to assess their technologies to ensure there are no weaknesses. One of the reasons legacy equipment is targeted is that the internet is has reached places in the manufacturing process that wouldn’t have traditionally been exposed, such as programmable logic controllers (PLCs) and industrial control systems. However, legacy PLCs may not check the integrity of commands sent to them, creating a vulnerability that hackers could manipulate them with remote commands.One widely known example is Stuxnet, a malicious computer worm created to target PLCs. Stuxnet believed it caused substantial damage to the Iran nuclear program by changing the rotor speed of gas centrifuges, causing them to explode. The worm also physically damaged over 1,000 machines and infected 2,000 computers. This code is currently publicly available, so hackers have the opportunity to replicate this attack in the future. As more manufacturing devices are connected to the internet, the number of access points that cybercriminals can exploit grows. Retrofitting connected legacy technologies with layers of cybersecurity and updated software will allow businesses to get the best out of legacy equipment while staying cyber secure.
Remote working and access
According to Check Point Research, the number of cyber-attacks in the APAC region increased by 168 per cent in 2021 compared with 2020. During the pandemic, many businesses had to adapt their IT infrastructure to remote or hybrid working quickly, but according to a Sophos study, 53 per cent of APAC companies said they were unprepared for the security requirements needed for remote working. Introducing new technology without scrutinising the security implications can create weaknesses. Businesses may overlook the broader security issues that can occur by unknowingly connecting a machine to the internet during rushes to streamline processes.
Training the workforce
Employees wouldn’t leave a building unlocked at night ─ the same mentality can be adopted to avoid cybercrime. One way to avoid simple hacking techniques is by training staff across the business on how to avoid falling into phishing or hacking traps by not clicking on links or opening attachments from unknown sources. Research commissioned by OpenText found that 47 per cent of APAC respondents are more likely to indicate employees are only “somewhat prepared to combat phishing” compared with other regional counterparts. Employees can learn to take on the mentality of someone trying to attack the system to help them consider the possible weaknesses they are creating. When setting up new technologies, employees can also think about introducing further internal security defence layers to reduce hackers’ freedom to access the entire system from one weakened point. As the need for IoT manufacturing devices and remote access increases, cyber security becomes increasingly important to protect businesses from cyber-attacks. The more manufacturing businesses and their employees understand their systems’ weaknesses, the better they can protect them.