Sophos presents the results of the latest State of Ransomware Report for the manufacturing industry. There is no relief in sight: Attacks are becoming more frequent and more sophisticated, while ransom demands have risen to an average of $1,2 million and recovery from an attack is taking longer and longer.
Cybercrime is one of the biggest business-damaging risks facing organizations across all industries. But there are definitely differences between the various market segments. In a global study, the cyber security company Sophos has determined how the threat posed by cyber gangsters is currently affecting the manufacturing industry.
Worrying stagnation
🔎 The increase in attacks is small, but the level remains very high (Image: Sophos).
The supposedly good news is that the proportion of manufacturing companies that have been attacked with ransomware has increased only slightly. 56 percent were attacked in the last year. In comparison: a year earlier it was 55 percent. While there are industries and sectors that are significantly more affected - the average across all industries is 66 percent - there is little reason to breathe a sigh of relief when more than one in two companies are being targeted by cybercriminals.
Many gateways in the industry
🔎 How attackers penetrate the company: Vulnerabilities and stolen credentials remain the biggest problems (Image: Sophos).
For the manufacturing industry, the crucial question is how cybercriminals get into the company and which attack tactics pose the greatest risks for this industry. The good news first: In the ranking of attack tactics, manufacturing companies have the potentially exploitable vulnerabilities comparatively well under control at only 24 percent. Across all industries, this attack tactic is significantly higher at 36 percent. The industry seems to have a greater challenge at 27 percent with the security of user data and passwords, which cybercriminals steal to gain access to the IT infrastructure.
According to the study, the manufacturing industry has a lot of catching up to do when it comes to defending against phishing attacks at 20 percent. Given that the cross-sector average is just 13 percent, it seems reasonable to assume that other sectors are doing a better job of educating their employees in this regard.
Attacks with serious consequences
🔎 The average ransom demand for industrial attacks is $1,2 million (Image: Sophos).
An attack on a company does not necessarily mean that the cybercriminals will be successful in deploying their ransomware and demanding a ransom. However, the trend for the manufacturing industry clearly shows that cybercriminals have upgraded their attacks and the technologies used. In the current study, 68 percent of the attacks are "successful" and only 27 percent were discovered and stopped in time. In the same period a year earlier, cybercriminals managed to encrypt data in 57 percent of their attacks and prevented 38 percent. Cybercriminals use “double dip” tactics to make matters worse. It also involves stealing the data before it is encrypted - a method that drives up the ransom and willingness to pay, as companies that can recover the data can still be blackmailed into disclosure.
The direct effects on the ransom demands are clearly comprehensible in the study. The median average ransom demanded in the manufacturing industry is $1.260.207 (€1.156.289). That's just a little lower than the average across all industries of $1.542.330 (€1.415.148). For comparison, a year earlier the overall average was significantly lower at $812.360 (€745.372).
Expensive system restoration
An attack on a company can be expensive not only if the company decides to pay the ransom, but also because of the additional follow-up costs of restoring the systems. Apart from the fact that once the ransom has been paid, there is no guarantee that all data can be recovered, repairing it costs a lot of time and money. In addition to the ransom, the manufacturing industry had to invest an average of $1.080.000 (€990.942) in restoration (the year before the average was $1.230.000 (€1.128.573)). The recovery almost doubles the total including the ransom. Despite the high sum, the manufacturing industry gets off comparatively lightly with the restoration costs. For example, in transportation, an average of $3.540.000 (€3.248.088) is required.
Decisive factor time
🔎 Recovery time has increased significantly (Image: Sophos).
The sums involved in ransom and recovery pose significant challenges for many companies across all industries. Due to the time it takes for the systems to run again and for the company to be operational, these become even more complex and sometimes endanger the existence of the company. Because a company that stands still loses a lot of money every hour and every day and also suffers a loss of image and reputation in the market - with partners and customers.
The largest variance in the current study compared to last year's results is the percentage of manufacturing companies that were able to recover from a cyberattack in less than a day. This percentage has fallen significantly to 9 percent (vs. 22 percent in the last survey). At the same time, the percentage of organizations that took more than a month to recover increased to 17 percent, compared to 10 percent a year earlier. This indicates that the overall effort required to restore business operations in this sector has increased.
Popular target: supply chains
Ransomware is the most common money-making threat. However, organizations should be aware that ransomware is always the final stage of a successful attack, which includes information theft, downloader trojans, cryptominers, and many other threats.
“The increased attacks on the supply chain play a special role. These attacks appear to be on the rise,” said John Shier, Field CTO Commercial at Sophos. “Supply chain breaches are very attractive to cybercriminals because they can give them access to multiple victims at once. As long as the cyber criminals can get money from this, these attacks will be effective for them and will continue. Companies should therefore not only ensure that they are prepared for direct attacks, but also that they are able to defend against attacks from trusted partners.”
Robust security from man and machine in a team
It is important for companies in all industries to implement robust security ecosystems. Since, in the case of complex threats, a purely mechanical and behavior-based detection and elimination of attacks is often no longer sufficient, the technological solutions with artificial intelligence or anomaly-based automatic response should be supplemented by highly specialized MDR teams (Managed Detection and Response) made up of IT security professionals. MDR Services combine technical security solutions with a team of experts specializing in prevention, early detection and damage repair. This team takes measures to eliminate not only the classic cyber threats, but above all the ever better camouflaged criminals sneaking around the network.
About the State of Ransomware study
From January to March, an independent market research institute, commissioned by Sophos, surveyed 3.000 managers in IT or cybersecurity in companies with 100 to 5.000 employees and at least 10 million sales in 14 countries. Among them were 363 production companies that provided information on their specific perspective on the cyber security situation.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.