Drives & Controls Magazine June 2024

TACKLING THE CYBER CRIMEWAVE The well-publicised ransomware attacks on Marks & Spencer and the Co-op have emphasised how vulnerable organisations of any size are to determined cyberattackers. While the attacks on retailers may have generated a lot of publicity, manufacturing remains the sector that has been the most targeted by cybercriminals in recent years. According to a new analysis by the IT consultancy, IDS-Indata, an alarming 42% of UK manufacturers were affected by ransomware attacks in 2024 – up from 34% in 2023. The figures reveal that cyberattacks of all types are rising, with “spearfishing” (the most common form of attack) affecting 88% of manufacturers in 2024 (up from 84% the previous year). Reports of malware attacks on manufacturers rose from 45% in 2023, to 50% last year. According to the analysis, the fastest-growing mode of attack comes via third-party suppliers and vendors (the route reportedly taken by M&S’s attackers). In 2023, supply chain attacks affected just 20% of manufacturers. By last year, that figure had risen to 30%. The interconnected nature of supply chains creates cascading vulnerabilities, according to IDS-Indata. What’s more, some cybercriminals are now using AI tools to automate the identification of weak points, accelerating the pace of attacks. The growing use of AI is one of the most worrying aspects of the cyber crimewave. In ransomware attacks, for example, cybercriminals are using AI to create malware that can adapt itself in real time to avoid detection. AI is also being used to create deepfakes and automated scams for phishing and impersonation attacks. Cybercriminals can create highly personalised attacks that exploit human error – one of the weakest links in manufacturing cybersecurity. In spearphishing attacks, for example, AI can help cybercriminals to customise emails for specific individuals, using personal information obtained from public sources. Many manufacturers are particularly vulnerable to cyberattacks because their OT (operational technology) systems are integrated with IT networks, with unmanaged or legacy systems acting as weak links that offer entry points to sophisticated AI-powered cyberattackers. According to IDS-Indata, hackers are exploiting these gaps in security with alarming speed, using AI to automate and adapt their tactics. So, what – if anything – can be done to thwart these attacks? The risk will never be eliminated entirely, especially when ransomware attacks, in particular, are so potentially lucrative. Also, cybercriminals are continually innovating, as can be seen by their increasing adoption of AI and other advanced technologies. Finally, they only need to find one vulnerability to worm their way into a system. The usual advice applies about keeping your systems separated from the Internet (as far as possible) and ensuring that security patches are up-todate. Consulting with cybersecurity experts might reveal potential vulnerabilities that you are not aware of. If your system proves too challenging for hackers to penetrate, they might move on to easier targets. Tony Sacks, Editor n COMMENT Follow us on LinkedIn @Drives & Controls Follow us X Drives&C Controls & rives Join us Facebo Drives & C on X @Drivesn Forthe D on ok Controls Controls latest news visit Controls the Driv www.driv ves & Controls we vesncontrols.com

RkJQdWJsaXNoZXIy MjQ0NzM=