Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.
Cybercriminals and attack groups continue to target manufacturers, with about one in five companies in the sector compromised in a successful attack, according to a survey published by security firm Morphisec this week.
The “Manufacturing Cybersecurity Threat Index” report consists of survey responses from 567 manufacturing employees and found that nearly a quarter of firms are attacked weekly, and more than a third are attacked every month. The numbers are likely conservative, as not all manufacturing employees are aware when a company is attacked.
While ransomware attacks have a significant impact on the business and so are often obvious to employees, the rise of attacks by infostealers — malware to find and exfiltrate valuable data — on manufacturing means that more subtle attacks are often overlooked, says Daniel Petrillo, director of security strategy and products at Morphisec.
“I think it illustrates that even today, there are still silos between IT and security teams and key business leaders,” he says. “More work needs to be done in the manufacturing sector to educate business leaders on the impact cyberattacks can have on business continuity, finances, and reputation.”
The report is the latest showing that the manufacturing sector faces a heightened threat landscape. A March report found that ransomware payments have nearly tripled, with manufacturing among the most targeted industries, which also include healthcare, information technology, and construction. A survey of 250 IT and 250 operational technology workers found that 61% of companies experienced a cybersecurity incident affecting their factories, and three-quarters of those incidents took production offline, according to another March report.