The manufacturing sector is at high risk of cyber-attacks and 80% of companies have critical vulnerabilities (with a CVSS score 8 and above), according to an analysis by Black Kite.
Over two-thirds (67%) of manufacturing organizations had at least one vulnerability from the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog, which details flaws that have been exploited in the wild.
The report, which examined 5000 companies across the global manufacturing industry, also found that approximately 30% have critical vulnerabilities in web applications – often the entry point for cyber-threat actors.
Poor patch management practices are “pervasive” across the industry, according to the researchers, which is a major factor in the prevalence of critical vulnerabilities.
Additionally, 69% of manufacturing firms have leaked credentials in the last 90 days, and 62% have broken crypto algorithms (SSL/TLS).
Read now: Five ICS Security Challenges and How to Overcome Them
Manufacturing the Biggest Target for Ransomware
The report found that manufacturing was the number one target for ransomware groups from April 1, 2023 to March 31, 2024, facing 21% of attacks (1016 out of 4893 victims).
This was followed by professional, scientific, and technical services (18%), healthcare and social assistance (6%), finance and insurance (5.7%) and educational services (5.5%).
Industrial machinery manufacturing was the manufacturing sub-sector with the highest number of victims across the 12-month period (76), followed by motor vehicle parts manufacturing (58) and pharmaceutical and medicine manufacturing (50).
The researchers highlighted the manufacturing sector’s rapid digital transformation post-COVID-19 as a key factor in its vulnerability to ransomware actors, with cybersecurity defenses unable to keep pace with the expanded digital footprint.
The ability to cause significant operational disruption to production lines through attacks, financial and reputational damage, also makes manufacturing a lucrative target for ransomware.
Read now: Manufacturing Sector Reeling From Financial Costs of Ransomware
Ferhat Dikbiyik, Chief Research and Intelligence Officer at Black Kite, commented: “Due to its critical nature, the manufacturing industry is a prime target for bad actors to exploit. Although these organizations have invested substantially in protecting physical and operational technology, their expanding digital footprints are a point of weakness that must be addressed.
“Organizations in this sector need to immediately take note of their high risk and fortify their cyber defenses to mitigate the chances of becoming the next ransomware statistic.”