Manufacturing businesses most likely to be hit by cyberattacks
The manufacturing industry is the most affected by cyber attacks, accounting for over 25 percent of all incidents, across the top 10 industries, of which 45 percent are malware attacks.
According to a new report from security awareness training company KnowBe4 the industry has become increasingly attractive to cybercriminals in recent years due to its interconnected nature, having a low tolerance for downtime, and valuable intellectual property stored in its databases, which could save competitors millions if obtained.
Phishing is cited as the top initial infection vector, followed by exploitation of public-facing applications. Asia-Pacific has been the prime target for cyberattacks in 2023, accounting for over half (54 percent) of all reported incidents. Europe is the second most targeted region, with 26 percent of cyberattacks, while North America and Latin America experienced 12 percent and five percent respectively.
The report also shows a 56 percent increase in ransomware attacks involving extortion in the industry, highlighting a growing trend in cybercriminal tactics. Manufacturing has also experienced a 266 percent rise in information stealing malware being injected into systems, designed to steal logins and other credentials for email, social media and messaging accounts, banking details, etc.
In addition the manufacturing industry has faced a dramatic 88 percent surge in average ransom payments, reaching nearly $2.4 million in the last year.
"Manufacturing's growing reliance on IT and OT systems, coupled with the increasing globalization of supply chains, has both increased the industry's vulnerability and its attractiveness to threat actors," says Stu Sjouwerman, CEO of KnowBe4. "As we navigate these challenges, it is becoming clear that increasing awareness and providing robust training to recognize and prevent phishing and social engineering attempts is no longer just best practice -- it is critical. These efforts are essential not only for individual organizations, but for maintaining stability across the global manufacturing industry and ensuring the uninterrupted flow of goods to consumers and businesses worldwide."
KnowBe4 analyzes the online behavior of users to determine a baseline of how many individuals, without security awareness training, are susceptible to clicking on fraudulent links in phishing emails.
The report shows small manufacturing organizations fare well against the baseline of 34 percent. With no security training, the 'Phish-prone Percentage' of these organizations with less than 250 employees is 27.9 percent, well below average. In companies with more than 1,000 employees, the opposite is true -- with no security training, 37.5 percent of employees tested clicked on a bad link in a phishing email. This means that cybercriminals have a chance of successfully phishing almost four out of 10 employees in the manufacturing industry.
The full report is available on the KnowBe4 site.
Image credit: qerest/depositphotos.com