Cyber Security in the Manufacturing Sector: The Post-Brexit Outlook

Adam Vincent

Adam Vincent

We’re all very well aware of the potential economic impacts of Brexit, but the impending political and regulatory upheaval goes deeper than that. Cyber security could also be affected by a disorderly exit from the EU as the UK’s information exchange with partners around the world undergoes change. As the world goes digital, British industry is at the mercy of cyber attackers. When considering the economic health of the country, cyber security should be front and centre, asserts Adam Vincent.

Britain’s manufacturers have become much less confident about the prospects for the UK economy as a result of Brexit uncertainty and fears over cyber security. Worryingly, there has been a declining trajectory of manufacturing output, which fell for a fifth straight month in November. The last time that occurred was the 2008-2009 recession. 2019 has seen the departure of multiple large players in the automotive space, as well as moves EU-wards by big employers like Dyson.

There are some major bumps in the road ahead. Manufacturers have a lot on their plate. How can they ensure cyber security doesn’t worsen the headache? With the rise of increasingly complex cyber threats, Britain’s manufacturing industry faces a serious challenge. Manufacturing is often targeted by both opportunist and targeted hackers looking for an easy target or specific Intellectual Property (IP). In 2018, it was reported that nearly half of UK manufacturers were hit by a cyber security incident.

Digital transformation is increasingly visible on the factory floor, with IP-connected robots, sensors and process management systems replacing manned and manual workflows. That means the average facility now has countless more potential access points for cyber attacks. A successful breach could halt production in its tracks for many hours, causing serious financial and reputational damage.

Nevertheless, across the manufacturing sector, awareness of the cyber security challenge and the implementation of appropriate preventive measures is “highly varied”. As such, manufacturers need to ensure that their cyber security capabilities are not just an afterthought. With Brexit set to reduce the speed and smoothness of information sharing between Britain and the EU, there’s a question mark hanging over how much manufacturers will be able to rely on Government support going forward.

We’re firm believers in an ‘all for one, one for all’ approach towards cyber security. In the face of political uncertainty, we need to see an increase in intelligence sharing between businesses such that they can collectively combat the common cyber enemy.

Prepare yourself

It’s hard to know what to prepare for in the maelstrom of the Brexit back-and-forth. In that context, it’s easy to focus on the problems right in front of you – import/export tariffs, the brain drain – and let cyber security slip down the ‘To Do’ list. That’s understandable, but it’s also dangerous. Cyber attackers are no respecters of politics or borders. Organisations need to ensure they have a clear understanding of how their security will be impacted by Brexit and what they can do to prepare.

The key question here is: ‘How much of their defence is informed by information flows that could be impacted by Brexit?’ The UK’s current data sharing apparatus is governed by EU agreements. For instance, the US-EU Privacy Shield arrangement currently dictates the manner in which the UK handles personally identifiable data with the USA. In the same way, sensitive security information is currently shared under existing frameworks of co-operation which could well change depending on the final specifics of Britain’s exit from the EU.

All of that means manufacturers need to be sure their defences will remain up-to-date post-Brexit. It may seem like a distant risk at this point, but cyber security is always urgent in hindsight. Better to pay attention now than wish you had done so when you’re further down the line.

Work with others

With that in mind, and with the future state of Government information sharing currently uncertain, manufacturers need to take matters into their own hands and build collaborative networks with their peers in the industry. By sharing pertinent security information with others in their space, companies can increase the chances of a successful defence. When one company comes under attack, it can share details of the exploit to allow its peers to benefit from the experience. This might go against common behaviour between competitors, but think of it as ‘the enemy of my enemy is my friend’. The industry as a whole will benefit if common attacks are met with a strong defence across the board. There’s nothing wrong with an altruistic outlook.

It’s also extremely helpful to have one centralised system in place to enable companies to maintain their defences (and particularly so during the transitional post-Brexit period). An intelligence-driven security operations platform can bring together all the security systems in a company network under a single point of management, automating routine tasks and creating playbooks for quick response to common attacks. When paired with an effective security information sharing network, a security operations platform driven by intelligence can take the manual weight off security teams, freeing them up to focus on driving value for the business.

The next few months are going to be challenging for the manufacturing industry. There’s little doubt about that, but cyber attacks needn’t add insult to injury if businesses prepare in the right way.

With comprehensive information sharing and process automation in place, manufacturers can rest assured that their valuable IP and production lines are still well defended.

Adam Vincent is CEO at ThreatConnect

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts