The manufacturing sector is being hit hard by cyber-attacks: one report states that 50% of manufacturing companies reported having experienced a data breach or cyberattack in the past year, with 73% of attacks being financially motivated. But it is not just cyber criminals expecting a payout; corporate espionage is also on the rise.
One of the most common ways that a cyber-attack will start is with a phishing email.
Phishing is a type of impersonation attack, whereby attackers pretend to be a trusted entity, such as a customer, a supplier or an employee.
The attacks can be very generic
“hey, you, fancy a free thingy?”
or very targeted
“Mr Alan Burrows of Manufacturing Corp, fancy a free thingy, we know you’ve bought them before?”
and because of the wide-ranging, and sometimes very clever, social engineering, phishing can be the hardest attack to avoid.
These attacks are not limited to email; they can come in any form of communication: SMS, voice, social media, even QR codes.
Access and Information.
Access to your systems and information about you and your company.
Phishing emails will try to get you to click on a link which is likely to take you to a fake login screen for a trusted service, such as Google or Microsoft. Once you “log in”, the attackers capture the details you have entered and then use them to log in themselves.
Or they might send an email with an attachment. Unfortunately, the attachment is likely laced with malware which will infect your systems, potentially causing your production operation to grind to a halt.
Criminals are getting more sophisticated in the campaigns that they are operating, and these can be very difficult to detect, but here are a few things that might help you to spot a phish.
Recognise the tactics. Criminals use these tactics to get you to act – so if you can spot these within an email just think before you act.
You can also look out for:
Your staff can be the best and worst defence in spotting phishing and taking action, so you need to involve them in protecting your company. If they understand the tactics criminals use, then they will be more likely to spot that risky email. But if the worst happens and they do click a link, they should also be trained about how to report it, so the minimum damage occurs.
Consider having some staff awareness training. Our affordable student services will work with you to provide a bespoke awareness session relevant to you and your company.
Report it - If you think you have received a phishing email, then you need to report it. Your business should have a policy about this, and your staff should understand what they need to do, whether they have fallen victim or just received it.
The NCSC has an add-in which you can use in business versions of Outlook to report phishing emails directly to them so that they can investigate and potentially remove the threat. This could also help your staff to keep phishing in mind when they receive an email, like a little nudge.
Don’t click on any links that you are suspicious of. Go to the legitimate site and confirm the information there.
Confirm independently - If you received an attachment that you were not expecting, or a change of payment details, confirm the details with the person using a method other than the one in the communication – criminals might be monitoring the email address or have changed a phone number, so it goes to them.
Understand how URLs and emails are structured so you know what you are looking for. You can read more about this here.
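To show how the structure of a link decides where it really goes, here is an added example (not code from the Eastern Cyber Resilience Centre). The trusted-domain list, the warning names and the sample links are assumptions constructed for the illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains your staff legitimately log in to.
TRUSTED_DOMAINS = ("google.com", "microsoft.com")

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (host, warnings) for a link; an empty list means no warning fired."""
    parts = urlsplit(url.strip())
    # hostname is what the browser connects to: it drops any "user@" prefix
    # and the port, and is lower-cased.
    host = (parts.hostname or "").rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # Everything before "@" is login data, not the destination.
        warnings.append("text-before-@")
    if any(label.startswith("xn--") for label in host.split(".")):
        # Punycode label: may be displayed as lookalike characters.
        warnings.append("punycode")
    # The real site is decided by the END of the host name, read right to left.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        brands = [d.split(".")[0] for d in trusted]
        if any(b in url.lower() for b in brands):
            warnings.append("brand-name-on-untrusted-host")
        else:
            warnings.append("untrusted-host")
    return host, warnings

# Constructed sample links (example.net and .example are reserved for documentation).
SAMPLES = [
    "https://accounts.google.com/signin",
    "https://login.microsoft.com.example.net/signin",
    "https://accounts.google.com@login.example.net/",
    "http://example.net/microsoft/login",
    "https://xn--mcrosoft-q9a.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        host, warnings = check_link(link)
        print(f"{host:35} {', '.join(warnings) or 'ok'}")
```

Only the first sample is on a trusted domain; in the others the familiar name sits in a subdomain, before an "@" or in the path, none of which changes the site the link opens.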
The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.
You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.
We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
Policing led – business focussed.