The Rising Cyber Threats in Manufacturing: Insights from Black Kite’s 2024 Report
In an era where digital transformation is reshaping industries, the manufacturing sector finds itself at a crossroads. With the rapid adoption of technology, manufacturing companies are increasingly becoming prime targets for cybercriminals. A recent report by Black Kite, a leading provider of third-party cyber risk intelligence, sheds light on this pressing issue. Titled "The Biggest Third-Party Risks in Manufacturing," the report reveals alarming statistics that underscore the vulnerabilities within this critical sector.
A Deep Dive into the Report
The Black Kite Research Team (BRITE) conducted an extensive analysis of nearly 5,000 companies across ten sub-categories in the manufacturing industry. The findings are striking: 80 percent of manufacturing companies have critical vulnerabilities that expose them to high risks of exploitation. This statistic serves as a wake-up call for an industry that plays a pivotal role in global supply chains.
The Impact of Digital Transformation
The manufacturing sector has undergone rapid digital transformation in recent years, leading to an expanded attack surface that cybercriminals are eager to exploit. As companies integrate advanced technologies into their operations, the defense strategies employed have not kept pace. This gap in cybersecurity measures makes manufacturing firms particularly vulnerable to attacks, which can result in cascading operational disruptions, financial losses, and significant reputational damage.
Ransomware: A Growing Threat
According to the report, manufacturing was the top industry victimized by ransomware attacks from April 2023 to March 2024, with over 1,000 confirmed victims. The industrial machinery manufacturing sub-sector topped the list, followed closely by motor vehicle parts manufacturing and pharmaceutical and medicine manufacturing. This trend highlights the urgent need for enhanced cybersecurity measures within the industry.
Key Findings from the Report
The report presents several critical findings that illustrate the state of cybersecurity in manufacturing:
-
Exposed Credentials: A staggering 69 percent of companies analyzed had exposed credentials in the last 90 days.
-
Known Exploited Vulnerabilities: 67 percent of manufacturing companies had vulnerabilities listed in the CISA known exploited vulnerabilities (KEV) catalog, while 62 percent were found to have broken cryptographic algorithms.
-
Web Application Vulnerabilities: Although many manufacturers applied good application security practices, 30 percent still had critical vulnerabilities in their web applications that could be exploited by threat actors.
- Poor Patch Management: The report highlighted pervasive issues with patch management, revealing that 94 percent of companies in the furniture and related product manufacturing sub-industry scored a D or F, indicating that most assets are running vulnerable or outdated products.
Ransomware Susceptibility Index® (RSI™)
To further assess the risk of ransomware attacks, Black Kite introduced the Ransomware Susceptibility Index® (RSI™). This innovative tool collects data from various open-source intelligence sources, including internet scanners, hacker forums, and deep/dark web sources. By employing machine learning, Black Kite correlates this data with a company’s existing security controls to estimate the potential risk of ransomware attacks.
The RSI score ranges from 0.0 (lowest probability) to 1.0 (highest probability), providing companies with a clear understanding of their vulnerability. Alarmingly, every sub-industry examined in the report averaged an RSI score of 0.4 or greater, categorizing them as critical and indicating they are 3.4 times more likely to experience a ransomware attack. Notably, over 60 percent of companies in both chemical manufacturing and transportation and equipment manufacturing fell into this critical category.
Conclusion
The findings from Black Kite’s 2024 report serve as a crucial reminder of the vulnerabilities that plague the manufacturing sector. As companies continue to embrace digital transformation, the need for robust cybersecurity measures has never been more pressing. With a significant percentage of manufacturing firms exposed to critical vulnerabilities, it is imperative for industry leaders to prioritize cybersecurity and take proactive steps to mitigate risks.
For more in-depth insights and to explore the full report, you can visit the Black Kite blog. The time to act is now, as the stakes have never been higher in safeguarding the future of manufacturing against cyber threats.