As a key target for cyber-attackers, the manufacturing sector faces a high level of cyber risk within a complex threat landscape.
From email compromise to insider threat, manufacturing businesses are under pressure to defend themselves effectively from threats across their environment.
Drawing on insights from the recent Kroll report, The State of Cyber Defense: Manufacturing Resilience, this article outlines the primary threats currently impacting manufacturing companies.
Top 5 cyber threats to manufacturing
A notable finding shared in the recent Kroll report, The State of Cyber Defense: Manufacturing Resilience is that the manufacturing industry is more likely than the average organisation to have more mature threat detection and response capabilities. While this is encouraging, it is also worth noting that 25% of manufacturing respondents said that they only employ the most basic security capabilities, such as cyber security monitoring.
These types of challenges are accompanied by some concerning gaps between perception and reality. A key example of this is that the threat type with which the manufacturing industry is most concerned, is not the most common one.
Discover what it is as we outline the top five cyber security threats for the manufacturing industry below.
1. Email compromise
While ransomware was the threat that the majority of manufacturers surveyed said they were most concerned about, according to Kroll’s Cyber Threat Intelligence (CTI) team, email compromise is the most common threat type. This accounts for nearly half of all incidents observed by Kroll in the manufacturing industry. The challenge presented by business email compromise is that it can target multiple departments, making maintaining control and visibility over vast networks very difficult, especially when a company needs to rely on its employees as its first line of defence.
2. Ransomware
The manufacturing industry faces a high volume of ransomware attacks. Kroll’s CTI team found that manufacturing is one of the industries most targeted by ransomware. External remote services such as VPNs, and CVE/zero-day exploits are the most common initial access methods for threat actors targeting the manufacturing sector.
3. Unauthorised network/cloud access
Unauthorised network/cloud access makes up 14% of the cyber-threats faced by the manufacturing sector. Manufacturers that fail to implement a strong network security framework leave themselves vulnerable to cyber-attacks. With the financial and reputational damage of breaches higher than ever, implementing a high standard of network security and defending their cloud environments should be a key focus for manufacturers.
4. Insider threat
Whether they are a result of malice or negligence, insider threats pose a significant cyber security risk to manufacturing companies. However, while the dangers presented by insider threats are becoming more widely recognised, businesses are still not allocating sufficient resources to mitigate the risk they pose. As threat actors become more sophisticated and attacks continue to target employees, manufacturers’ human and technological defences need to keep up.
5. Web application compromise
Another key threat for manufacturers is web application compromise. This involves a variety of exploits directed at web applications such as content management systems, and e-commerce platforms. Threat actors use techniques such as structured query language (SQL) injection, cross-site scripting (XSS) and account takeover (ATO) attacks to gain access to payment data and other personal information submitted on payment sites.
How Kroll can help
Because of our extensive experience in the manufacturing sector, we at Kroll are better able to understand the security challenges your company is facing and how to resolve them.
As the global incident response leader, we respond to over 3,000 security events every year. We are well-placed to help you take effective action and respond faster and more effectively to security incidents.
Kroll Responder, our managed detection and response (MDR) solution, delivers 24/7 security monitoring, earlier insight into threats, and complete response that goes far beyond simple threat containment to understanding the root-cause, hunting for further evidence of compromise and eradication. Kroll Responder is consistently recognized as industry-leading by security sector analysts.
