Manufacturing faces rising cyber threats, report reveals

A recent report from KnowBe4 reveals significant cybersecurity threats to the manufacturing industry, highlighting the need for improved security measures.

KnowBe4, a security awareness training and simulated phishing platform provider, has published the "Manufacturing: Maintaining Stability As Cyber Threats Explode in Volume and Sophistication" report detailing increasing cybersecurity vulnerabilities in the manufacturing sector. The report explores the tactics used by cybercriminals and offers recommendations for organisations to enhance their cyber defences.

The manufacturing industry emerges as one of the most targeted sectors for cyber attacks, representing over 25% of incidents among the top ten industries. A major portion, 45%, of these attacks are reportedly malware incidents. Cybercriminals find the manufacturing industry attractive due to its interconnected nature, reliance on various components like raw materials and transportation, low tolerance for operational downtime, and valuable intellectual property.

The report highlights several key points, including that phishing is the predominant method used for initial infections, followed by exploitation of public-facing applications. In 2023, the Asia-Pacific region was the primary target for cyber attacks, accounting for 54% of incidents. Europe ranked second with 26%, while North America and Latin America saw 12% and 5% of attacks respectively.

Ransomware attacks within the manufacturing industry have seen a 56% rise, particularly those involving extortion, indicating evolving tactics among cybercriminals. There has been a notable 266% increase in information-stealing malware incidents, targeting login credentials and sensitive data like email, social media, banking details, and more.

Furthermore, the industry has experienced an 88% increase in average ransom payments, which have surged to nearly USD $2.4 million over the past year. The report also cites KnowBe4's Phishing by Industry Benchmarking Report, which indicates that smaller manufacturing organisations performed better with a Phish-prone Percentage of 27.9%, compared to the baseline of 34% without security training. On the other hand, larger organisations with over 1,000 employees had a higher tendency to click on phishing links at 37.5%, suggesting a higher vulnerability among these employees.

Stu Sjouwerman, CEO of KnowBe4, commented on the findings: "Manufacturing's growing reliance on IT and OT systems, coupled with the increasing globalisation of supply chains, has both increased the industry's vulnerability and its attractiveness to threat actors. As we navigate these challenges, it is becoming clear that increasing awareness and providing robust training to recognise and prevent phishing and social engineering attempts is no longer just best practice – it is critical. These efforts are essential not only for individual organisations, but for maintaining stability across the global manufacturing industry and ensuring the uninterrupted flow of goods to consumers and businesses worldwide."

The report includes examples of recent cyber attacks across regions such as North America, Europe, Asia, and Oceania and asserts that as cyber threats continue to evolve, so too must defensive strategies.