Other News: How to increase cyber resilience in your business and wider supply chain
Recent high profile cyber attacks within the automotive industry are very much a wake up call for the whole automotive industry and its wider supply chain.
Every part in the supply chain is a potential vulnerability, from manufacturing lines, third-party logistics and retail websites and locations.
A cyber attack, such as a malware or ransomware attack, can be crippling for any business, but it can also go on to affect its whole supply chain. The after-effects of a cyber attack are obviously financial issues, but there will also be reputational issues to contend with in the long term.
Small and medium-sized suppliers often lack robust cyber defences and therefore can be especially at risk and can become stepping stones for attackers attempting to reach larger manufacturers.
The rapid advancement of generative AI has meant that cyber criminals can now launch higher quality and larger numbers of phishing attacks. A ransomware attack is a malware attack which takes over a computer network and leaves the business unable to access it themselves unless they pay a ransom.
A malware or ransomware attack typically begins with a phishing email, which is a message that is designed to look like a genuine email and features a compromised link. Once the user clicks on this link, it gives a cyber hacker access to their computer and they can then move to gain access to the wider IT network.
The automotive industry now needs to view cyber resilience as a business critical function that is of the same importance as health and safety, for example.
The North West Cyber Resilience Centre is part of a police-backed nationwide organisation, which provides guidance and advice around building cyber resilience within small businesses and organisations.
DI Dan Giannasi, head of cyber and innovation at the NWCRC, explained, “A simple click on a phishing link in an email can lead to a much bigger expansive cyber attack, which can go on to have huge ramifications for any business and its wider supply chain.
“For the auto-motive industry, there would be huge financial issues and ongoing reputational damage following a cyber attack. It is prudent for any business within the automotive industry to take proactive steps to improve cyber resilience within their organisation, including regular training sessions for all employees and vulnerability assessments.”
Niomie Haynes, commercial manager at the NWCRC, added: “For small and medium-sized businesses seeking support in building cyber resilience, the NWCRC provides support through awareness-raising, staff training, and senior leadership training, including boardroom-style exercises, to build a strong cyber culture.
“We test networks to ensure they are secure and provide ongoing support to help businesses integrate cyber resilience into their strategies. We understand the challenges businesses face and help manage cyber resilience when it can sometimes feel overwhelming.”
Practical advice for automotive industry
Below we outline some practical steps that any business within the automotive industry can implement:
Vulnerability assessments
Businesses should ensure they undertake regular security assessments of their websites and networks to identify vulnerabilities. They should also undertake digital footprint assessments and cyber risk exposure. Once you are aware of the current vulnerabilities, you can then work on making them more robust.
Supply chain assessments
Businesses should ensure they undertake regular security assessments on all suppliers, including third-party software providers, and have evidence of robust security practices.
Incident Response Plan:
Every business, however large or small, should have an Incident Response Plan, which includes every action and communication that needs to happen in the event of a cyber breach first being reported. This should include emergency response and immediate actions, through to communications with suppliers and logistics partners and post-incident review.
Access and user management:
Use multi-factor authentication (MFA), monitor privileged accounts, and limit access with the principle of least privilege for all critical systems. User management is vital – access should be immediately revoked or amended if an employee leaves the business or changes job role.
Password security:
All employees should understand good password hygiene, which includes unique and secure passwords for every account, the use of password managers and multi-factor authentication where necessary.
All businesses within the automotive supply chain should prioritise proactive cyber defences and rigorous preparation for when, not if, there is a cyber breach. This should involve all employees and put continuous learning and education around cyber awareness at the forefront of day-to-day business.
See NWCRC website for more resources and advice around cyber security for small to medium organisations: https://www.nwcrc.co.uk/
