Why Does Manufacturing See the Most Cyber Attacks?
In a conclusive announcement, the manufacturing sector has for the third time been ranked as the most-attacked industry in an IBM X-Force Threat Intelligence Report.
Manufacturers comprised more than 25% of security incidents last year, with malware attacks – primarily ransomware –making up the majority.
Taking the top place three years in a row, the report points to several factors that are making manufacturing particularly vulnerable to cyber threats in the current climate.
Attacking a crucial artery
Manufacturing facilities are integral to the economy, producing essential goods and services. As evidenced by things like the pandemic, when their operations go down or are impacted, costs rack up.
A 2022 Siemens report stated that unplanned downtime costs Fortune Global 500 companies 11% of their yearly turnover – almost US$1.5tn.
These costs arise from immediate production losses and longer-term impacts on customer trust and market position.
This low tolerance for downtime makes it an attractive target for cybercriminals who seek financial gains through ransomware attacks. A production halt may see some companies more likely to pay attackers to relent then deal with an even costlier period of downtime; further exacerbating the problem.
Manufacturing is also increasingly adopting digital technologies in efficiency improving efforts. With operations being largely on a production line, the benefits for such technologies are easily implemented and easy to see the benefits.
Yet, they also expand the attack surface greatly. The integration of Industrial Internet of Things (IIoT) devices means an expansion in the number of endpoints, which lead to legacy systems, which often have security vulnerabilities.
The threats facing manufacturers
One of the most significant threats to the manufacturing sector is credential harvesting. Cybercriminals target manufacturing companies to obtain credentials that grant access to high-value data.
The IBM X-Force report noted a 266% increase in infostealing malware, which is designed to capture credentials for emails, social media, and banking details. This trend highlights the ongoing investment by threat actors in innovative ways to gain access to user identities.
Compiling this with Gen AI, attacks are able to leverage stronger than ever identity-based attacks. Plus, AI can be employed to distil vast amounts of compromised data, identifying the most lucrative targets for attacks.
Despite the seemingly bleak outlook for manufacturers, the IBM X-Force report found that the majority (85%) of incidents they studied could have been prevented with measures such as patching, multi-factor authentication (MFA), and least-privilege principles.
They also highlighted the need for manufacturers to stress-test their systems to identify potential vulnerabilities and develop incident-response plans.
While the importance of cybersecurity is recognised across sectors, with many now seeing it as crucial to their overall plans for digital transformation, some are still hesitant to invest due to the perceived high costs of implementing cybersecurity measures.
But as the frequency of attacks increase, soon any tactics of paying off attackers to relent on their systems may tally up higher than the defence itself. As the manufacturing sector continues to digitise and expand its digital footprint, it becomes increasingly vulnerable to cyber attacks.
The industry's critical role in the economy, combined with its low tolerance for downtime and complex digital environments, makes it a prime target for cybercriminals. But by prioritising cybersecurity measures and adopting a proactive approach to threat management, manufacturers can better protect their operations and ensure long-term resilience in the face of evolving cyber threats.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand