1-in-5 manufacturing companies in the U.S. and U.K. have been victims of a cyberattack in the last 12 months, according to the 2021 Manufacturing Cybersecurity Threat Index released by Morphisec. Of the 1-in-5, nearly a quarter (24%) report that cyberattacks against their organizations occur weekly, evidence of the rising threat for an industry that has recorded one of the highest numbers of attacks of any sector since the onset of COVID-19.
With recent attacks targeting intellectual property (IP) and critical infrastructure debilitating entire manufacturing organizations, Morphisec combined internal data on the manufacturing attack landscape with an external survey of 567 manufacturing employees across the U.S. and U.K. in April to inform its inaugural index looking at the manufacturing industry.
The index found that 57% of manufacturing employees say they’re more worried today about their organization being targeted for IP by cybercriminals than they were a year ago. In addition, 70% say they believe manufacturers have been targeted more since the beginning of the pandemic. Cybercriminals appear to have been encouraged by the crisis to go after vulnerable industries like manufacturing that need to be operational around the clock. Worse yet, the economic impact of these nefarious parties continues to increase, with businesses incurring not only the costs of large ransom payouts but also the knock-on effects of extended downtime.
To better understand the attack types malicious actors use within the manufacturing sector, Morphisec analyzed attempted attacks against the manufacturing endpoints it's deployed on over the last year. It found infostealers and bankers made up the highest percentage of attempted endpoint attacks (31%). Additionally, although the percentages of ransomware (13%) and supply chain (8%) attack attempts against manufacturing endpoints were lower, both saw a marked increase over the last twelve months.
When it came to attempted attacks targeting servers, Morphisec found manufacturers experienced the most attempted exploits focused on initial access. This was the most active type of attempted attack on manufacturing servers (30%), as exploits targeted BlueKeep and SMBGhost. Ransomware (15%) was also heavily used by attackers targeting the servers within manufacturing organizations. Many of these attempted attacks were designed to leverage human-operated ransomware to direct the attack upon entry into the target’s systems.
Nearly all of these attack types can be costly for manufacturers. Morphisec uncovered through its surveying that in most cases (53%), organizations needed up to a week to recover from attacks. A fifth of incidents (18%) required two weeks to recover. In the most extreme cases where organizations needed three weeks or more to recover, respondents noted that they had fallen victim to ransomware.
In addition, Morphisec found that more than three-quarters (76%) of manufacturing employees say they’ve had at least some colleagues working from home during COVID-19. As has been widely reported throughout the pandemic, remote work environments have only encouraged cybercriminals to seek out gaps in employees’ home networks, as well as their reliance on vulnerable collaboration applications, to gain access to company data. Of respondents that say they’ve had colleagues working remotely, nearly two-thirds (63%) admit it has increased the risk of a cybersecurity breach against their organization.
“Like the healthcare industry, the manufacturing sector has found itself increasingly in the crosshairs of cybercriminals over the last twelve months as they’ve turned their attention to always-on industries that can quickly line their pockets,” said Ronen Yehoshua, CEO of Morphisec. “However, manufacturers also face a growing risk of state-sponsored cyberattackers targeting them exclusively for intellectual property. A single breach can put the entire manufacturing infrastructure at risk, and with the pandemic resulting in more remote work in the sector than ever before, perimeter security today is irrelevant. Therefore, manufacturing organizations must treat the endpoint as the last true perimeter with automatic protection that stops ransomware, infostealers, and other advanced attacks before the breach.”