IT disaster recovery, cloud computing and information security news

20 percent of US and UK manufacturers were victims of a cyber attack in 12 month period

1-in-5 manufacturing companies in the US and UK have been victims of a cyber attack in the last 12 months, according to the 2021 Manufacturing Cybersecurity Threat Index released by Morphisec. Of the 1-in-5, nearly a quarter (24 percent) report that cyber attacks against their organizations occur weekly, evidence of the rising threat for an industry that has recorded one of the highest number of attacks of any sector since the onset of COVID-19.

With recent attacks targeting intellectual property (IP) and critical infrastructure debilitating entire manufacturing organizations, Morphisec combined internal data on the manufacturing attack landscape with an external survey of 567 manufacturing employees across the US and UK in April to inform its inaugural index looking at the manufacturing industry.

The index found that 57 percent of manufacturing employees are more worried today about their organization being targeted for IP by cybercriminals than they were a year ago. 70 percent also note that they believe manufacturers have been targeted more since the beginning of the pandemic. Cybercriminals appear to have been encouraged by the crisis to go after vulnerable industries like manufacturing that need to be operational around the clock.

To better understand the attack types that malicious actors use within the manufacturing sector, Morphisec analyzed attempted attacks against manufacturing endpoints it has been deployed on over the last year. It found that infostealers and bankers made up the highest percentage of attempted endpoint attacks (31 percent). Additionally, although the percentage of ransomware (13 percent) and supply chain (8 percent) attack attempts against manufacturing endpoints were less, they saw a marked increase over the last twelve months.

When it came to attempted attacks targeting servers, Morphisec found that manufacturers experienced the most attempted exploits focused on initial access. This was the most active type of attempted attack on manufacturing servers (30 percent) as exploits targeted BlueKeep and SMBGhost. Ransomware (15 percent) was also highly used by attackers targeting the servers within manufacturing organizations. Many of these attempted attacks were designed to leverage human-operated ransomware to direct the attack upon entry into the target’s systems.

Nearly all of these attack types can be costly for manufacturers. Morphisec uncovered through its surveying that in most cases (53 percent), organizations needed up to a week to recover from attacks. A fifth of incidents (18 percent) required two weeks to recover. In the most extreme cases where organizations needed three weeks or more to recover, respondents noted that they had fallen victim to ransomware.

In addition, Morphisec found that more than three-quarters (76 percent) of manufacturing employees say they’ve had at least some colleagues working from home during COVID-19. As has been widely reported throughout the pandemic, remote work environments have only encouraged cybercriminals to seek out gaps in employees’ home networks, as well as their reliance on vulnerable collaboration applications, to gain access to company data. Of respondents that say they’ve had colleagues working remotely, nearly two-thirds (63 percent) admit it has increased the risk of a cyber security breach against their organization.

More details.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.