
Supply chain cyber attack warning for the engineering and manufacturing industry


Engineering and manufacturing businesses have been issued a warning by cyber experts at the North East Business Resilience Centre (NEBRC), a non-profit, police-led organisation. The warning comes following a trend in ransomware attacks within the supply chain of engineering and manufacturing firms. 

Martin Wilson, Detective Inspector and Head of Student Services at NEBRC, warns:

“We recently helped a manufacturing business that was at risk from a cyber attack, due to a compromised supply chain. This is a trend we are seeing increasingly for businesses in the industry and across all sectors, where criminals find vulnerabilities through a supplier. This can leave all businesses they operate alongside at risk, with long-lasting consequences. 

“Businesses should regularly check for weaknesses and should perform additional checks should they suspect a threat within their supply chain. It’s not just employee, business and customer data at risk. There is a very real threat to business finances, whether directly from the attack or in fines and compensation payments. Attacks can also tarnish a brand’s reputation, affecting business performance for years to come.” 

Investigating vulnerabilities

Preventing attacks and reducing vulnerabilities is key, and businesses should act fast if they suspect their supply chain has been compromised. One of the best ways to spot holes in your security is to conduct a vulnerability assessment. This involves scanning and reviewing business systems to search for weaknesses such as poorly maintained or configured systems, limited access controls and easy access to sensitive data. It simulates the approach a criminal would take to infiltrate your system and includes an easy-to-understand report that explains the results, defines each weakness and its associated risks, and gives plans and guidance on how to fix and minimise those risks.

Commenting on a recent successful vulnerability assessment, Martin said:

“Our student ethical hackers, under the supervision of industry professionals, recently supported an organisation in the engineering and manufacturing industry. We worked collaboratively with their technology provider to undertake a vulnerability assessment of their server and a review of existing information security policies. The firm was concerned that attacks within their supply chain could reach them and so they wanted to be proactive in their response to prevent further threats.”

This assessment involved checking how the server might be attacked across the internet and looking for any weakness that might have been present on the inside of the organisation's network. It also benchmarked the company’s security policies against the internationally recognised best practices in the ISO27001 series.

Martin adds, “While undertaking the assessment, the team found numerous PORTS (connections used to exchange information) were open on the server, presenting a possible risk of ransomware attacks. The policy review suggested improvements to the data backup position, another vital defence in the fight against ransomware, as properly configured backups identify the data any organisation cannot do without and ensure that data is copied and stored elsewhere.”

“The firm then worked with its technology provider to close PORTS that didn’t need to be open and made some changes to its backup solutions, meaning in the event of an attack, the company had readily accessible backups it could revert to. These actions, combined with phishing training delivered virtually by our team, meant that the engineering firm was in a much stronger, more resilient position and is less likely to be the victim of a ransomware attack.”

Finding support to plug skills gaps 

Often businesses and workers are aware of password best practices, but few understand that it is often vulnerabilities that are targeted, not organisations per se. Many don’t know what to do if a compromise is suspected. Cyber security can feel daunting and expensive; however, should a threat infiltrate your business, the costs of recovery are much higher than the cost of proactivity.

There’s a network of cyber resilience centres across the UK, such as the NEBRC, which are able to keep costs low for engineering firms and plug skills gaps by subsidising security assessments where possible.

For further information about cyber security for your business, check out the NEBRC or find your local centre via the NCRC Group.


    Phil Black - PII Editor

    I'm the Editor here at Process Industry Informer, where I have worked for the past 17 years. Please feel free to join in with the conversation, or register for our weekly E-newsletter and bi-monthly magazine here: https://www.processindustryinformer.com/magazine-registration. I look forward to hearing from you!