Most, 76 per cent of employees across manufacturing say that they have been a victim of a cyber attack at work, according to research by a cyber threat detection and response firm.
e2e-assure adds that its findings show that only one in ten of cyber risk owners in that sector strongly agree that some attacks come through a lack of employee diligence, the second lowest out of the other sectors surveyed. The company suggests this is an indication that manufacturing is neglecting the role that their employees play in safeguarding their business assets. To back up that hypothesis the research found that nearly one in five (18pc) of manufacturing employees said they just receive a ‘disciplinary’ but no training as a consequence of falling for a cyber attack; the highest out of all business sectors surveyed.
The cyber firm describes this as a concern, considering manufacturers often rely heavily on legacy systems, due to the risk in downtime associated with replacing them. However, these systems can be problematic through a security monitoring lens as there is often difficulties in patching vulnerabilities, resulting in increased risk exposure to threat actors. Moreover, legacy systems don’t easily ‘plug in’ to advanced cyber security technology, leading to coverage gaps, making it harder to detect and respond to abnormal employee behaviour, which might signal malicious threat actor behaviour. Due to these complexities, it’s no surprise to the firm that some 44 per cent of manufacturers surveyed, by Censuswide, on behalf of e2e-assure, rely on an outsourced SOC provider (the second highest of all the sectors surveyed), up from 27 per cent last year.
What they say
Rob Demain, founder and CEO at e2e-assure, said: “With so many employees disengaged in cyber security due to a lack of focus on training, despite a high proportion of workers witnessing colleagues breach best practice, it’s imperative that cyber risk owners implement training programmes that help people understand aspects of cyber security, such as the risks of AI, and the best practices for using legacy systems securely.
“Cyber risk owners must also seek to understand employees’ behaviour around AI usage and educating them about the risks. This will serve to embed the belief that cyber security is a collective responsibility, ultimately driving up cyber resilience.”
Visit www.e2e-assure.com.
