We’re all very well aware of the potential economic impacts of Brexit, but the impending political and regulatory upheaval goes deeper than that. Cyber security could also be affected by a disorderly exit from the EU as the UK’s information exchange with partners around the world undergoes change. As the world goes digital, British industry is at the mercy of cyber attackers. When considering the economic health of the country, cyber security should be front and centre, asserts Adam Vincent.
Britain’s manufacturers have become much less confident about the prospects for the UK economy as a result of Brexit uncertainty and fears over cyber security. Worryingly, there has been a declining trajectory of manufacturing output, which fell for a fifth straight month in November. The last time that occurred was the 2008-2009 recession. 2019 has seen the departure of multiple large players in the automotive space, as well as moves EU-wards by big employers like Dyson.
There are some major bumps in the road ahead. Manufacturers have a lot on their plate. How can they ensure cyber security doesn’t worsen the headache? With the rise of increasingly complex cyber threats, Britain’s manufacturing industry faces a serious challenge. Manufacturing is often targeted by both opportunist and targeted hackers looking for an easy target or specific Intellectual Property (IP). In 2018, it was reported that nearly half of UK manufacturers were hit by a cyber security incident.
Digital transformation is increasingly visible on the factory floor, with IP-connected robots, sensors and process management systems replacing manned and manual workflows. That means the average facility now has countless more potential access points for cyber attacks. A successful breach could halt production in its tracks for many hours, causing serious financial and reputational damage.
Nevertheless, across the manufacturing sector, awareness of the cyber security challenge and the implementation of appropriate preventive measures is “highly varied”. As such, manufacturers need to ensure that their cyber security capabilities are not just an afterthought. With Brexit set to reduce the speed and smoothness of information sharing between Britain and the EU, there’s a question mark hanging over how much manufacturers will be able to rely on Government support going forward.
We’re firm believers in an ‘all for one, one for all’ approach towards cyber security. In the face of political uncertainty, we need to see an increase in intelligence sharing between businesses such that they can collectively combat the common cyber enemy.
It’s hard to know what to prepare for in the maelstrom of the Brexit back-and-forth. In that context, it’s easy to focus on the problems right in front of you – import/export tariffs, the brain drain – and let cyber security slip down the ‘To Do’ list. That’s understandable, but it’s also dangerous. Cyber attackers are no respecters of politics or borders. Organisations need to ensure they have a clear understanding of how their security will be impacted by Brexit and what they can do to prepare.
The key question here is: ‘How much of their defence is informed by information flows that could be impacted by Brexit?’ The UK’s current data sharing apparatus is governed by EU agreements. For instance, the US-EU Privacy Shield arrangement currently dictates the manner in which the UK handles personally identifiable data with the USA. In the same way, sensitive security information is currently shared under existing frameworks of co-operation which could well change depending on the final specifics of Britain’s exit from the EU.
All of that means manufacturers need to be sure their defences will remain up-to-date post-Brexit. It may seem like a distant risk at this point, but cyber security is always urgent in hindsight. Better to pay attention now than wish you had done so when you’re further down the line.
Work with others
With that in mind, and with the future state of Government information sharing currently uncertain, manufacturers need to take matters into their own hands and build collaborative networks with their peers in the industry. By sharing pertinent security information with others in their space, companies can increase the chances of a successful defence. When one company comes under attack, it can share details of the exploit to allow its peers to benefit from the experience. This might go against common behaviour between competitors, but think of it as ‘the enemy of my enemy is my friend’. The industry as a whole will benefit if common attacks are met with a strong defence across the board. There’s nothing wrong with an altruistic outlook.
It’s also extremely helpful to have one centralised system in place to enable companies to maintain their defences (and particularly so during the transitional post-Brexit period). An intelligence-driven security operations platform can bring together all the security systems in a company network under a single point of management, automating routine tasks and creating playbooks for quick response to common attacks. When paired with an effective security information sharing network, a security operations platform driven by intelligence can take the manual weight off security teams, freeing them up to focus on driving value for the business.
The next few months are going to be challenging for the manufacturing industry. There’s little doubt about that, but cyber attacks needn’t add insult to injury if businesses prepare in the right way.
With comprehensive information sharing and process automation in place, manufacturers can rest assured that their valuable IP and production lines are still well defended.
Adam Vincent is CEO at ThreatConnect