ESCATEC Blog

The rising threat of social engineering for electronics manufacturers

Written by Jessica Plank | 29 Aug, 2019

As increasing numbers of electronics manufacturers invest in advanced interconnected technologies such as robotics, real-time data analytics and artificial intelligence (AI), maintaining the security of their valuable intellectual property (IP) has never been more crucial.

For many electronics manufacturers, IP is often their single most valuable company asset.

However, the growth in smart manufacturing, the advancement of automation and the increasing complexity of global supply chains mean that virtually any connected device can place a company's valuable information at risk.

Cyber threats - key facts and predictions

A variety of recent studies have highlighted just how vulnerable the global manufacturing industry is to the actions of cyber-criminals.

In 2017, NTT Security revealed that thirty-four percent of all documented cyber attacks in Q2 of that year were focused on manufacturers.

And the 2018 report from the manufacturing membership organisation EEF highlighted the fact that more than four in ten manufacturers considered themselves to be 'unprepared' for a cyber attack.

Also in 2018, Cybersecurity Ventures predicted that cyber crime could cost the world an astonishing £4.7 trillion annually by 2021.

And the 2019 Cisco Cybersecurity Report found that thirty-one percent of organisations had experienced cyber attacks on their operational technology infrastructure.

What's new?

One of the rising new forms of cyber threat is 'social engineering', which relies on the 'psychological manipulation' of individuals in order to gain access to sensitive or confidential information.

So what are the key facts that electronics manufacturers need to know about the growing cyber risk of social engineering?

And what steps can they take to ensure their people, their assets and their intellectual property stay safe?

Social engineering explained

The concept of social engineering is based on Robert Cialdini's widely regarded psychological theory of the six principles of influence:

  1. Reciprocity - or the tendency for people to want to return what they consider to be a "favour"
  2. Commitment - which draws on the idea that, once people commit to a specific idea or goal (whether verbally or in writing), they are more likely to want to honour that commitment
  3. Social proof - evidenced by the fact that we all have the potential to be influenced by the things we see other people doing
  4. Authority - which builds on the concept that people are hard-wired to respect, and adhere to the requests of, anyone whom they perceive to be in a position of "authority"
  5. Like-ability - or the idea that, the more we "like" someone, the more likely we are to be easily persuaded by them
  6. Scarcity - the idea that whenever there is the perception of scarcity of a specific product or service, this also tends to fuel the demand for it

The most common types of social engineering

When considered in the context of cyber crime, social engineering can manifest in a wide variety of ways:

  • Phishing - or the use of email from supposedly genuine sources in order to fraudulently gain private information
  • Baiting - offering an end user something enticing in order to gain access to private data
  • Smishing - where SMS messages are used to encourage an individual to take a specific course of action
  • Vishing - also known as voice-phishing - in which an interactive voice response system (IVR) is used to gain access to a person's private or financial information
  • Impersonation - where another individual's private data is used, or personal information is falsely created, in order to establish legitimacy
  • Tailgating - where an unauthorised person tricks or persuades an employee to provide access to a restricted area, whether remotely or physically
  • Quid Pro Quo - where critical data is requested in exchange for a service

Reducing the social engineering threat

There are important steps that manufacturers can take to reduce their cyber security risk, including the introduction of standardised frameworks, the setting up of security protocols, the provision of staff training and the carrying out of intermittent testing and reviews.

There are also simple day-to-day habits that can be employed by every employee:

  • Knowing not to open emails or to click on links from unknown or untrusted sources
  • Ensuring that computers are never shared
  • And checking that all company desktops, laptops and mobile devices are set to automatically lock whenever they are left idle for more than a few minutes

Social engineering is an increasingly significant, and constantly evolving, form of cyber crime that poses a threat to the security of individual employees and the companies that they work for.

Given that the manufacturing industry appears to be seen as an attractive target by cyber criminals, it is even more vital that manufacturers get educated, that they toughen up their operational infrastructure and that they maximise their testing procedures, to keep their staff, their assets and their valuable IP out of harm's reach.