As we previously discussed, attacks against manufacturers are on the rise and not showing any signs of slowing down. The 2018 Verizon Data Breach Investigations Report found that social engineering attacks are the preferred method for these cybercriminals as 93% of all reported security breaches are a result from some form of phishing.
So why is the manufacturing industry so targeted? As we speak with manufacturers and hear about their struggles combating threats, there has been three recurring themes we hear from these organizations.
1. They possess valuable information
Manufacturers possess tons of valuable information, such as trade secrets and intellectual property. These are forms of information cybercriminals want to get their hands on to be able to sell to “interested parties” (ie competitors) or on the dark web. The 2017 Verizon Data Breach Investigations Report found that 91% of all breaches within manufacturing involved stealing this type of information.
2. They have complex supply chains
Manufacturers have complex and interconnected supply chains. From transportation partners, IT vendors, to distribution centers, all of these organizations come together making up the supply chain. And hackers know that within most supply chains, there is a weak link. This could be the logistics partner, the distribution center, or in the case of the Target breach, it could be the HVAC vendor. Once the hackers get into the supply chain, they can navigate their way to the manufacturer and wreak havoc.
3. They lack resources to effectively protect their organization
Finding good people is always hard, especially highly skilled cybersecurity staff. In fact, it is estimated that by 2022, there will be a deficit of 1.8 million infosec jobs. This problem is across verticals but can certainly apply to manufacturers, especially small to mid-sized organizations. Manufacturers that either rely on their IT team to protect them from complex threats or organizations with small infosec teams tend to wear multiple hats and are extraordinarily busy. When you combine this with the fact that small to mid-size manufacturers are attacked most frequently, it makes it difficult for the IT and security staff to do their jobs effectively. According to Symantec’s 2018 ISTR, manufacturing organizations with 500 - 2500 employees were targeted the most with malware, phishing, and business email scams. Again, hackers know the weak links and exhaust these organizations with attacks.
Interested in learning how Graphus® protects a manufacturing customer from social engineering attacks? Read the case study by clicking on the button below.