As the aerospace industry continues to diversify, the common themes running through the evolvement of the industry are collaboration, upskilling young people to be ready for the future, advanced manufacturing techniques and investment into technology.
Whilst many of the Prime and Tier 1 aerospace manufacturers may invest heavily into cyber security, aware of the massive threat to data and intellectual property, the supply chain needs to be ready to follow suit to ensure they are meeting the expectations of their contractors.
In this article, Training 2000 Cyber Security provide a step-by-step guide with where to begin, and how to approach your cyber security strategy.
1. Make a commitment
The threat is growing, it isn’t going away and we are not safe. Therefore, organisations, at Senior Management level need to accept the risk, and make a commitment to putting cyber security measures in place, with a view to cascading the culture throughout the organisation.
2. Identify your weaknesses
As the cyber security landscape is so vast, identifying your weaknesses across the board will churn out a true representation of your current security posture. Our advice would be to work with a dedicated Cyber Security Consultant to carry out an on-site audit.
3. Define your strategy
From your audit, you will then know what you need to put in place across the business to address the risk. When it comes to cyber security, there certainly isn’t a ‘one-size-fits-all’ approach so it’s important to piece together your strategy based on your actual company requirements.
4. Implement policies
As much of our data is now online, a dedicated cyber security policy is essential for any workplace. This document should set out your rules around passwords, encryption, data, remote working and BYOD at the very minimum, and of course should be thoroughly communicated from boardroom to basement.
5. Secure your technology
There is no doubt that a weak IT infrastructure leaves you vulnerable to attack, so putting in place software to secure your data, carrying out penetration testing to identify your weaknesses and implementing secure sharing processes can all raise your defences.
6. Train your people
As the gatekeepers of your crucial company data and intellectual property, your people need to know what to look out for to stay safe online, at work and when working away from the office. As important as health and safety training, your users are your greatest asset, and also your biggest threat, so in this instance knowledge is power.
7. Test plans
A disaster recovery plan tends to be commonplace in most businesses, but does it cover you in the event of a cyber attack? This, coupled with an incident response policy should set out the plan of action in the event of a breach, and it must be updated and tested on a regular basis to allow for shifting technologies and company processes.
Compliance or requirements from suppliers or contracts may be the push your business needs in order to address your security posture. Cyber Essentials, ISO 27001 and the Government’s 10 Steps to Cyber Security all provide great methodologies to work from to secure your business, however they should be approached with caution as simply complying to a programme or receiving an accreditation won’t provide the culture change required to fully adopt cyber security.
We’d like to highlight the cyber security event Training 2000 Cyber Security are hosting in conjunction with the North West Aerospace Alliance on 28th September, if you haven’t booked your place yet, you can do so now. This event is available to NWAA members, please click here to book your tickets today!