Cyberattacks continue to be a major issue, significantly impacting a wide range of industries and organizations across the globe. A research paper by the Cyber Rescue Alliance in 2022 indicated that three-quarters of companies worldwide had fallen victim to ransomware, a staggering increase of almost two-thirds since 2021. Additionally, global ransomware attacks occurred at a rate of approximately 20 per second in 2021.
The Cyber Security Breaches Survey 2022 conducted by the UK government revealed that 31 percent of reporting businesses are estimated to be targeted at least once a week, with 20 percent experiencing adverse consequences as a result. Unfortunately, the number of cyberattacks is unlikely to decrease as more sophisticated and effective attack methods emerge with the widespread implementation of artificial intelligence (AI).
This is a clear and urgent warning to decision-makers to take immediate action to build resilience against ever-evolving cyber threats.
The Need For a Response
Cyberattacks present a grave threat to manufacturing companies, with the potential to severely disrupt production processes and trigger dire financial consequences. A recent report from global insurer Hiscox highlights that one-fifth of companies falling prey to cyberattacks are perilously close to facing bankruptcy.
Moreover, the landscape of cyber threats is rapidly evolving, marked by increasing sophistication and intelligence. Alongside ransomware and phishing attacks, the infiltration of IT systems and theft of critical data and credentials play a pivotal role in this escalating danger. The manufacturing industry, as revealed by a comprehensive study conducted by Quest, stands out as one of the most susceptible sectors.
The survey results presented below shed light on the gravity of the situation:
- More than 38 percent of manufacturing companies would experience revenue losses between $20 and $50 million if their Active Directory was compromised for 24 hours.
- One-third would face losses between $50 and $100 million.
- Industrial espionage and ransomware are the greatest security threats, according to two-thirds of C-level IT executives from the manufacturing companies surveyed.
- Over half of manufacturing companies consider cybersecurity important.
- When adopting new technologies, one-third of companies rely on existing security measures without conducting additional assessments for potential optimization.
- 80 percent of respondents acknowledge that the lack of skilled personnel compromises cybersecurity within their company. Without external support or AI/ML technologies, the existing workforce is barely able to keep up with the growing number of cyberattacks.
- For half of the respondents, cybersecurity is important enough to adopt new technologies, although concerns about potential performance losses arise.
- Two-thirds of the respondents fear that cybersecurity risks will negatively affect the speed at which new technologies can be implemented.
Unintentional Data Leaks and Credential Theft
Data leaks can occur not only due to intentional actions, such as industrial espionage or ransomware, but also as a result of inadvertent disclosure of sensitive information, over-sharing, or what is commonly known as "data breaches," leading to unauthorized access. Among the most critical concerns is credential theft, which empowers attackers to extract data continuously, sometimes undetected for extended periods.
According to the Verizon Data Breach Incident Report, credentials are the most coveted category of information in security and privacy breaches, accounting for more than 60 percent of such incidents. In addition, a recent One Identity research report found that nine out of 10 organizations have experienced an identity-based attack in the year prior to the study.
To protect against both external and internal attacks, manufacturers need to implement a layered security approach that can counter viruses, spyware, malware, and ransomware. They need to do so as soon as possible, as manufacturing is one of the top five sectors most targeted by cyber attackers. Moreover, two-thirds of all respondents to Quest's survey realistically expect to be the victim of a cyberattack within the next 12 months.
Successful cyberattacks can lead to a range of adverse effects, including production system downtime and supply chain disruptions, as well as consequential damages like reputational damage and financial penalties. However, despite these potential consequences, only half of the surveyed companies assess their networks for security vulnerabilities twice a year, and less than 10 percent do so weekly.
This plays into the hands of cybercriminals, who may have months to steal or compromise data within the network. Inadequate staffing or a lack of suitable tools are cited as reasons for the infrequent network checks. As mentioned earlier, two-thirds of respondents believe that potential cybersecurity risks impact the implementation of new technologies. This highlights the need for partners and cybersecurity experts to support manufacturers in implementing security strategies and accelerating the adoption of new technologies.
Towards Cyber Resilience
As manufacturing companies look for effective ways to reduce the attack surface, they should focus on building and expanding sustainable business relationships with cybersecurity partners. With a long-term approach and a trusted partner, companies have a good starting point for improving their cyber resilience.
It is worth noting that the topic of cyber resilience has gained increasing importance in recent times, and is likely to continue growing in relevance. In the event of an attack, all departments must be prepared to respond appropriately while keeping business operations running optimally. To prepare for these challenges, decision-makers will not be able to avoid developing dedicated plans for enhanced security and, above all, resilience.
Surveys, such as the recent one conducted by Quest, once again highlight the urgent need for action, especially in the manufacturing sector.