One cybersecurity training firm has examined some third-party threat intelligence reports to highlight manufacturing industry cyber trends
Based on the findings of third-party threat intelligence reports* for 2024 (data collected in 2023), a cybersecurity firm has zoomed in on cyber trends in the manufacturing industry, citing some trends.
First, as far as the 2023 threat intelligence data used was concerned, the manufacturing industry was the most affected by cyberattacks, accounting for over 25% of all incidents, across the top 10 industries. Various qualitative conjectures have been submitted to explain why this could be so at the time of data collection, but they remain conjectures.
Second, data analyzed for the specific cohorts involved showed that phishing was cited by respondents as the top initial infection vector, followed by exploitation of public-facing applications. Attack distribution was 54% for the Asia Pacific region (APAC), 26% for Europe, and 12% and 5% for North and Latin America respondents respectively.
Other findings
The 2023 data showed a 56% increase in ransomware attacks involving extortion among the respondents. Additionally:
- A 266% increase in information-stealing malware (info stealers) was noted in the manufacturing industry in the 2023 data.
- An 88% surge in average ransom payments was observed in the manufacturing industry, reaching nearly US$2.4 million in the 2023 data.
According to Stu Sjouwerman, CEO, KnowBe4, the cyber training firm that provided its interpretations of the X-Force Threat Intelligence survey data for the manufacturing industry: “Manufacturing’s growing reliance on IT and Operational Technology systems, coupled with the increasing globalization of supply chains, has both increased the industry’s vulnerability and its attractiveness to threat actors… it is becoming clear that increasing awareness and providing robust training to recognize and prevent phishing and social engineering attempts is no longer just best practice — it is critical.”
Sjouwerman’s firm also used its own customer metrics to conclude in a manufacturing industry cyber trend report that, without proper cybersecurity training, employees in its manufacturing-industry user base were more prone to phishing tactics, especially those in organizations with more than 1,000 employees. This could mean that cybercriminals have a chance of successfully phishing almost four out of 10 employees in the manufacturing industry who have not been sufficiently trained.
*The IBM 2024 X-Force Threat Intelligence Report; a ReliaQuest report, and a Verizon report on data breaches
