Critical vulnerabilities affect 80 percent of manufacturing companies
A new report finds that 80 percent of manufacturing companies have critical vulnerabilities putting them at high risk for exploitation.
The study of 5,000 manufacturing companies by Black Kite finds that 69 percent of the companies analyzed have had credentials exposed in the last 90 days.
"Due to its critical nature, the manufacturing industry is a prime target for bad actors to exploit. Although these organizations have invested substantially in protecting physical and operational technology, their expanding digital footprints are a point of weakness that must be addressed," says Ferhat Dikbiyik, chief research and intelligence officer at Black Kite. "Organizations in this sector need to immediately take note of their high risk and fortify their cyber defenses to mitigate the chances of becoming the next ransomware statistic."
A significant portion of manufacturing companies have also had vulnerabilities from the CISA Known Exploited Vulnerabilities (KEV) catalog (67 percent) and broken crypto algorithms (62 percent).
Most manufacturers analyzed apply good application security practices; however, 30 percent of companies have critical vulnerabilities in web applications that threat actors can exploit.
Poor patch management is also pervasive across the industry. In the furniture and related product manufacturing sub-industry, 94 percent of companies scored a D or F in patch management, which means most of their assets are running vulnerable or out-of-date products.
"It is important to note that in manufacturing, many systems are integral to the production process and cannot be easily updated without potentially impacting operations. However, this does not justify exposing these systems to the internet, where they can become easy targets for cyberattacks," Dikbiyik adds. "Unfortunately, the machines we observed were indeed exposed, heightening the security risks for these organizations."
According to the report, every sub-industry in manufacturing examined averaged a 0.4 or greater RSI (Ransomware Susceptibility Index) score, placing them in the critical category, meaning they are 3.4 times more likely to experience a ransomware attack. The risk is significantly higher in many subcategories. For instance, more than 60 percent of companies in both chemical manufacturing and transportation and equipment manufacturing fall into the critical category.
The full report is available from the Black Kite site.