As an organisation, Scottish Engineering is unashamedly a broken record when it comes to the benefits of digitalisation, particularly the automation of physical processes and data to bring efficiency, insight and usefulness.

We keep a keen eye on the survey responses for capital investment for our members, and welcome an encouraging increase in application of this technology as one of the more effective responses to fill the gap for missing people. 

The increase adds to a picture of significant transformation in the application of information technology in the last three years where the ease of working remotely has underlined the benefits of shared secure data and applications in the cloud, and also highlighted the lack of flexibility from the ancient server running an old application that could only be reached on the office network.  

Ease of connectivity has undoubtedly made working from anywhere a possibility – although a three-year work cruise can remain just an amusing sideshow for me thanks – and that extra connectivity and ‘work from where you like’ brings some added risks as well as benefits.

In the same timeframe engineering companies have experienced shortages of people and parts alongside spiralling costs, so our sector has adopted smart manufacturing into their operations, adding cloud-based applications along with digital, sensory and automation technology.

These investments bring significant benefits in terms of efficiency, quality and productivity but also increase business exposure to potential cyber security threats to the systems and processes they operate, and to the sensitive data that they collect and store.

One of last week’s more eye-catching pieces of news was the tweet from the FBI in Denver, Colorado that recommended that Easter travellers should beware of using free public USB charging stations as ‘bad actors’ could be using these ports to introduce malware and monitoring software onto their devices, and it’s a good reminder of the constant unseen cyber threat that exists for us all – including companies from the smallest to the largest.

The month of April opens with a call to take part in the UK Government’s annual cyber security survey, capturing breaches identified by participating companies in the last twelve months. We can expect the results to appear around July, but a look back to the most recently published in 2022 sharpens our focus on the scale of the challenge. 

39% of participating companies experienced a cyber attack in that year, a mid-table result for the last six years where 2017 saw the high of 46% and 2019 recorded the low of 32%.  Just over one in five of those identified a more sophisticated attack such as denial of service, malware or ransomware attack, and 31% of businesses reported weekly attacks, with one in five companies reporting a negative outcome from the attacks they received.

This overall picture matches increasing threats in our sector, which also include industrial espionage, theft of sensitive data, and even potentially catastrophic interruptions to critical control systems in areas such as defence, utilities and transport. No surprise then that cyber health is a top priority for complex engineering and manufacturing processes and the security of commercially sensitive or proprietary data.  

Phishing emails are still widely seen as the most common method of attack, and despite sophisticated detection software, vigilant people remain the first line of defence. Staff need to be informed, understand the risks, and have sufficient knowledge and access to tools to help deter or mitigate attacks, and so active monitoring of security is vital alongside mitigation and continuity plans for when things do go wrong – this is definitely an area where fingers crossed is never enough.

The potential impact to our economy and wider security should remind us all that help is at hand, and that even a little effort can go a long way to reducing your risk. The National Cyber Security Centre (NCSC) have a useful step-wise approach for businesses starting with their free Cyber Action Planning service, with tools designed for non-technical users to identify and fix security issues within their organisation. Above that their Readiness for Cyber Essentials helps companies work towards accreditation which increasingly can be a minimum customer requirement to show compliance in this critical area.

I started by underlining our steadfast belief in the value of application of digital technologies, and that is unchanged as it remains our most direct route to lifting ourselves out of the relegation zone of the league table of productivity.

Increased cyber connectivity will bring threats, but the principles of risk assessment and control measures to deliver a well-managed risk are already well understood – as our engineering sector already does for safety, health and environment – and thanks to the NCSC and others, the tools they provide give us no excuse not to apply them.

Paul Sheerin is the chief executive of Scottish Engineering