If you think banks, insurers and credit card companies are the only enterprises that need worry about cybersecurity, think again.
Ransomware attacks increased significantly last year, with criminal groups specifically identifying manufacturers as vulnerable and profitable targets. In 2021, manufacturing accounted for 65 percent of industrial ransomware incidents, according to Peter Vescuso, vice president of marketing at industrial cybersecurity provider Dragos and a member of the Manufacturing Leadership Council, a division of the National Association of Manufacturers (NAM) focused on digital transformation.
The top three manufacturing subsectors targeted by ransomware attacks were metal components, automotive and plastics. Manufacturers as a group were targeted six times as often as the second leading industrial sector, food and beverage companies.
Ransomware schemes target manufacturers by disabling their operations technology and blackmailing victims into paying to restore the functionality of their systems. Manufacturers that cannot afford to have production halted by hacks often have no choice but to pay the hackers’ ransom.
In 2021, ransomware groups Conti and Lockbit 2.0 caused 51 percent of all ransomware attacks, and 70 percent of their attacks targeted manufacturers. These groups successfully developed malicious business models and used underground marketplaces to outsource operations to partners who then carried out the attacks. Ransomware groups also fund research and development to stay ahead of the curve on security and infiltrate systems.
Hackers target manufacturers precisely because they are vulnerable. About 90 percent of manufacturers have limited visibility into their OT systems, according to Dragos. What’s more, 90 percent of manufacturers have poor network perimeters, 80 percent have external connectivity exposure in their OT systems, and 60 percent use shared credentials that make it easier for ransomware groups to infiltrate systems.
“Ransomware trends are likely to continue shifting as groups reform and reprioritize and as law enforcement pursues them and takes them offline,” says Vescuso. “As this evolution continues to evolve, Dragos analysts believe…that ransomware will continue to disrupt all industrial operations and OT environments through 2022, in manufacturing and beyond.”
To protect against ransomware attacks, manufacturers must take steps to modernize and secure their IT and OT systems. Manufacturers might also want to check out Cyber Cover, a cybersecurity and risk mitigation program launched by NAM in 2020. The program was developed in partnership with AHT Insurance and Coalition, which specializes in underwriting cyber and technology insurance.
Manufacturers are deploying advanced technologies that are transforming what they make and how they make it. However, digitization is also creating created new and unprecedented risks. Don’t get stung. Protect your assembly plant and computer networks now.