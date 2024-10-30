Research Finds 80% of Manufacturers Have Critical Vulnerabilities

Some manufacturers are 3.4 times more likely to experience a ransomware attack.

Oct 30, 2024
Computer Crime Concept 516607038 2125x1416 (1)

Black Kite, a leading provider of third-party cyber risk intelligence, recently published the 2024 report: The Biggest Third-Party Risks in Manufacturing, which revealed that 80 percent of manufacturing companies have critical vulnerabilities putting them at high risk for exploitation. In creating the report, the Black Kite Research Team (BRITE) examined nearly 5,000 companies across 10 sub-categories in the manufacturing industry. 

Rapid digital transformation in recent years has made manufacturing a prime target for cyber attacks. Threat actors know that defense strategies have not kept pace with the rapidly expanding attack surface and these companies play critical roles within global supply chains. Attacks within manufacturing can result in cascading operational disruption and financial and reputational damage.

When considering the potential for impact and the sector’s vulnerable state, it is no surprise that, according to Black Kite data, manufacturing was the top industry victimized by ransomware attacks over the analyzed one-year time period (April 2023-March 2024), with more than 1,000 victims confirmed. Industrial machinery manufacturing tops the list of ransomware victims in the space, followed by motor vehicle parts manufacturing, and pharmaceutical and medicine manufacturing.  

Key findings of the report include:

  • 69 percent of companies analyzed have exposed credentials in the last 90 days.
  • A significant portion of manufacturing companies have also had vulnerabilities from the CISA known exploited vulnerabilities (KEV) catalog (67 percent) and broken crypto algorithms (62 percent).
  • Most manufacturers applied good application security practices, but 30 percent of companies have critical vulnerabilities in web applications that threat actors can exploit.
  • Poor patch management is pervasive across the industry, with 94 percent of companies in the furniture and related product manufacturing sub-industry scoring a D or F in patch management, which means most assets are running vulnerable or out-of-date products.

The report also ranks manufacturing companies’ probability of a ransomware attack occurring using Black Kite’s Ransomware Susceptibility Index® (RSI™). Black Kite collects data from open source intelligence sources (OSINT) — internet scanners, hacker forums and sources on the deep/dark web and more — and then uses machine learning to make correlations with a company's existing security controls to approximate potential risk for ransomware attacks. With its RSI score, a company can know the likelihood of an attack in minutes on a scale that ranges from 0.0 (lowest probability) to 1.0 (highest probability).  

According to the report, every sub-industry in manufacturing examined averaged a 0.4 or greater RSI score, placing them in the critical category, meaning they are 3.4 times more likely to experience a ransomware attack. The risk is significantly higher in many subcategories. For instance, more than 60 percent of companies in both chemical manufacturing and transportation and equipment manufacturing fell into the critical category.  

The full blog can be viewed by clicking here..

Latest in Cybersecurity
Industrial Media Unboxing Video
Sponsored
Industrial Media Unboxing Video
October 9, 2024
Data Center
Meeting the Demands of AI Computing
October 31, 2024
Protection Background Technology Security 524882074 701x502 (1)
CISA Offers Manufacturing Software Guidance, Key Vulnerability Updates
October 31, 2024
Ep117tn
Security Breach: The Little Things That Kill
October 31, 2024
Related Stories
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
CISA Offers Manufacturing Software Guidance, Key Vulnerability Updates
Ep117tn
Cybersecurity
Security Breach: The Little Things That Kill
Industrial Cyber
Cybersecurity
More Than Half Unable to Track Sensitive Content
Industrial Media Unboxing Video
Sponsor Content
Industrial Media Unboxing Video
More in Cybersecurity
Today in Manufacturing Podcast
Sponsored
Today in Manufacturing Podcast
Today in Manufacturing has a new podcast brought to you by the editors of Industrial Media. In each episode, we discuss the five biggest stories in manufacturing, and the implications they have on the industry moving forward.
October 25, 2024
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
CISA Offers Manufacturing Software Guidance, Key Vulnerability Updates
The agency continues to share vital updates and seek feedback on new cyber initiatives.
October 31, 2024
Ep117tn
Cybersecurity
Security Breach: The Little Things That Kill
Simple tasks continue to be the biggest challenges, but "training like you fight" offers solutions.
October 31, 2024
Industrial Cyber
Cybersecurity
More Than Half Unable to Track Sensitive Content
A new report spotlights the need for enhanced security and compliance strategies.
October 31, 2024
Automobile Cockpit, Various Information Monitors And Head Up Displays
Cybersecurity
Safeguarding Connected Cars from Cyber and Privacy Threats
It goes beyond protecting the vehicle and owner, to ensuring the entire connected ecosystem is secure.
October 30, 2024
Robot Programmer
Cybersecurity
Adversarial Machine Learning: AI and ML Beware
NIST published details about a type of cyberattack unique to AI systems where attackers can “poison” data that might be used by AI systems.
October 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
OT Solutions Address Growing Industrial Threats
Powered by AI, Palo Alto's latest update is focused on remote operations and critical OT assets.
October 24, 2024
Ransomware
Cybersecurity
Meshing Cybersecurity into M&A Activity
Traditional security approaches are not ideally suited for such transactions, but a solution has been developed.
October 24, 2024
Ep116 V2
Cybersecurity
Security Breach: Preventing Phishing Attacks 'Not Rocket Science'
The seven pieces of the phishing puzzle and a Goldilocks strategy for improving defenses.
October 24, 2024
Industrial Cyber
Cybersecurity
Embracing Your Growing Attack Surface
The benefits of a unified SASE environment strategy.
October 24, 2024
Intllectual Property
Cybersecurity
Report Shows Well-Known Threats Persist at Alarming Levels
In particular, phishing attack success rates sit at an extraordinarily high level in the industrial sector.
October 24, 2024
84998 All 4 Defender
Cybersecurity
The Anybus Defender Industrial Security Lineup
The security appliances are designed specifically for the ICS in safeguarding OT assets and networks.
October 17, 2024
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
The Evolving Threat Landscape
A look at some new trends and how old threats are changing for the worse.
October 17, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Teams with Law Enforcement to Address Iranian Hacking
These groups have been using brute force and password spraying to compromise user accounts.
October 17, 2024
People Cyber Metamorworks
Cybersecurity
The Soft Skills to Look For in Manufacturing Security Leaders
Without them, even the best tools and technical knowledge may fall short in preventing disruptions and mitigating risks.
October 17, 2024