The unprecedented scale of the worldwide cyber-attack on Friday brought into sharp focus the need for a comprehensive approach to cyber security across private and public-sector establishments. It is not something that manufacturers can afford to ignore. For our sector the threat from cyber-crime is a major barrier to business and growth; threatening loss of data and intellectual property, disruption to business and impacting on trading reputation.
Andy Collier, Director of NDI – the division of EEF that represents defence, aerospace and security manufacturers - said that “For too long companies have ignores the growing threat posed by cyber-attacks, which are not just related to big organisations or space-age operations but businesses of all sizes. Any company that uses data and has internet connectivity is potentially vulnerable no matter what sector they operate in, and this includes large, sophisticated and high-profile enterprises across food and drink, defence and automotive. This incident will hopefully act as a wake-up call for businesses to take cyber security seriously and treat it like any other critical business risk”.
The indiscriminate nature of this most recent attack demonstrated that organisations large and small are equally vulnerable if appropriate measures are not taken to build resilience into their information systems. This means businesses taking the appropriate steps to protect themselves. There are a number of easy-to-implement defences that can very considerably reduce the risk of attack and the impact of successful attacks of this nature. These simple steps must be applied more thoroughly by businesses and the public at large; use proper antivirus software services, keep your security patches updated, and back up the data that matters to you.
But it is also up to Government to provide the necessary conditions – through policy and legislation - to best facilitate a national approach to this threat and the timing of the latest attack has pushes this firmly into the agenda for the general election. More attention must be paid to building resilience into our national cyber infrastructure, the provision of comprehensive guidance on the nature of the threat and the best means by which companies can protect themselves, and standardised means of accreditation to ensure that businesses are not only protected, but are seen by their customers to be so.
EEF welcomed the launch – not before time - of a National Cyber Security Strategy in 2016, and the National Cyber Security Centre as the means for delivering this. Government-backed initiatives such as Cyber Essentials (https://www.gov.uk/government/publications/cyber-essentials-scheme-overview) offer independent assessment and accreditation of an organisation’s cyber security regime, focusing on the core actions that businesses should take to protect themselves. It is a mandatory accreditation for suppliers of government contracts which involve the handling of personal intonation and providing some ICT products and services, though EEF supports the programme as evidence of good practice more generally.