Digitalization makes the manufacturing industry an increasingly attractive target for cybercriminals. The Cyber Weerbaarheidscentrum Brainport (CWB) translates the expertise that large companies build up in this area to small and medium-sized manufacturing companies. And it brings companies together so they can learn from each other. However, people remain the weakest link when it comes to cybersecurity, notes Paul van Nunen, director of Brainport Development. That's why cybersecurity should be Chefsache (a top priority for executives). However, the reality is different. Can a platform like Tech2B play a role in this?
The digitalization of entire supply chains means that cybersecurity should be high on the agenda of every manufacturing company. It doesn't matter whether all the machines in the workshop are connected to the internet or not. Cybercriminals can enter through office automation and completely paralyze a company. "A digital ransom attack will shut down the operational side of your business; they freeze data and demand ransom," says Paul van Nunen. And if it's not directly about money, they watch what's happening in your business: orders, processes, parts you produce. "Because in addition to monetary gain, the second reason why hackers invade is that they are looking for information about technology and business processes." Pure espionage. And a third reason has more to do with geopolitical developments. Some countries are looking for ways to cripple important sectors in Europe, thus disrupting society and the economy.
There are plenty of reasons why cybercriminals are targeting the IT systems of production companies. As partners in long supply chains in the manufacturing industry become increasingly intertwined digitally, the risk of a chain being affected increases. The high-tech manufacturing industry in the Netherlands is particularly interesting because shutting down companies in this sector causes more damage than if the baker on the corner can no longer bake because his IT system is held hostage. This is especially true now that the semiconductor supply industry is seen as an important sector for the Dutch economy. Paul van Nunen says, "Every company is a link in that chain. Digital intrusion at one of these links can paralyze the entire chain." This does not even have to happen by penetrating the IT systems of an OEM through the back door of a smaller supplier. "There is a lot of compartmentalization between the links. But if a small company that makes important parts for a high-tech machine cannot produce them, the OEM cannot complete the machine. We saw this during corona and last year after the raid in Ukraine. If one important part is missing, the entire system will not work."
That is why the Brainport region has put the theme high on the agenda. Not unjustified, if you
look at recent figures. The Cyber Resilience Survey SME Brabant 2022 showed last year that 51.5% of the participants - the Brabant SMEs - have already experienceda cyberse curity incident. Paul van Nunen thinks that this figure is actually higher, because companies often find it difficult to admit that cyber criminals have penetrated their systems. "They want to be a reliable partner." This restraint is unjustified, according to the director of Brainport Development. The steps the company takes in the first hours are crucial. "That is why we support companies, so that they quickly get access to experts who can help them." He estimates that in the manufacturing industry certainly two in five companies have already experienced cybercrime. "Manufacturing companies are above average interesting." Therefore, a second figure from the above-mentioned study is actually more alarming: cybersecurity is only on the agenda at barely half of the companies. Cybersecurity is something abstract for many companies; they think they have solved the problem by outsourcing their IT management. "Cybersecurity, however, starts with awareness. All employees must be aware of the risk. Be alert that passwords are regularly renewed. Close your laptop when you leave your workplace. Do not open attachments indiscriminately. The biggest vulnerability is the human factor," notes Paul van Nunen. That is why the Cyber Weerbaarheidscentrum Brainport (CWB) has developed knowledge cards that provide employees in the manufacturing industry with very practical tips on how to contain risks.
The word has been mentioned: reliability. Manufacturing companies, wherever they are in the supply chain, want to come across to their customers as a reliable partner. This is something that manufacturing companies will have to demonstrate in a few years. There is legislation coming that will enforce this. The CWB, together with partners, has developed a certification scheme. This is derived from ISO 27001 and is intended for companies for whom ISO certification is not necessary. The CWB has defined three maturity levels: basic, intermediate, and advanced. A manufacturing company that goes through these three levels receives a certificate with which they can show others that they work safely. Creating awareness is part of the steps that need to be taken to qualify for certification. Tech2B, the platform that connects companies in the high-tech supply chains, will also support both purchasers and smaller manufacturing companies on their way to this future. In their profile, manufacturing companies can indicate which Cyra security ranking they have and whether they are already certified. "If purchasers want to invite companies for an RFQ (Request for Quote), they can tick security as a requirement in the future. Cybersecurity becomes part of the business model. Certification can then become decisive in getting an order," says Sjors Hooijen, CEO of Tech2B. In addition, the platform will offer the knowledge cards developed by the Cyber Resilience Centre to help companies take their first steps in cybersecurity on the knowledge-sharing section of the Tech2B platform. "By working together, we make more companies aware of the dangers." The team working daily in the background on the development of the platform continuously pays attention to its security. The platform has an external party perform a security check every quarter, and the latest IT standards are applied.
Paul van Nunen believes that every manufacturing company should prioritize the subject. Owners and directors must actively get involved. "The director must want it. It is Chefsache. Because cybersecurity directly affects your primary process. The idea that you take action and then everything is arranged is an illusion. This is partly due to the fact that cybercriminals rapidly develop new methods and techniques, and partly because the human factor remains the weakest link. You must continue to pay attention to this."
Paul van Nunen - Director Brainport Development | Sjors Hooijen - CEO Tech2B