KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released its “Manufacturing: Maintaining Stability As Cyber Threats Explode in Volume and Sophistication” report. The report examines the state of cybersecurity in the manufacturing industry, tactics being deployed by cybercriminals, and what organizations can do to safeguard against them.
The manufacturing industry is reportedly the most affected by cyber attacks, accounting for over 25% of all incidents, across the top 10 industries, of which 45% are malware attacks. The industry has become increasingly attractive to cybercriminals in recent years due to its interconnected nature – relying heavily on various elements, from raw materials to transportation; its vulnerability – having a low tolerance for downtime, and valuable intellectual property stored in its databases, which could save competitors millions if obtained.
Some interesting highlights from the report include:
- Phishing is cited as the top initial infection vector, followed by exploitation of public-facing applications.
- Asia-Pacific emerged as the prime target for cyber attacks in 2023, accounting for over half (54%) of all reported incidents.
- Europe followed as the second most targeted region, with 26% of cyber attacks, while North America and Latin America experienced 12% and 5% respectively.
- An alarming 56% increase in ransomware attacks involving extortion was observed in the industry, highlighting a growing trend in cybercriminal tactics.
- Manufacturing experienced a 266% rise in information stealing malware being injected into systems, designed to steal logins and other credentials for email, social media and messaging accounts, banking details, etc.
- The manufacturing industry faced a dramatic 88% surge in average ransom payments, reaching nearly $2.4 million in the last year.
- According to KnowBe4’s 2024 Phishing by Industry Benchmarking Report, small manufacturing organizations fared well against the baseline of 34%. With no security training, the Phish-proneTM Percentage of these organizations with less than 250 employees was 27.9%, well below average. In companies with more than 1,000 employees, the opposite was true – with no security training, 37.5% of employees tested clicked on a bad link in a phishing email. This means that cybercriminals have a chance of successfully phishing almost 4 out of 10 employees in the manufacturing industry.
“Manufacturing’s growing reliance on IT and OT systems, coupled with the increasing globalization of supply chains, has both increased the industry’s vulnerability and its attractiveness to threat actors,” says Sjouwerman, CEO of KnowBe4. “As we navigate these challenges, it is becoming clear that increasing awareness and providing robust training to recognize and prevent phishing and social engineering attempts is no longer just best practice – it is critical. These efforts are essential not only for individual organizations, but for maintaining stability across the global manufacturing industry and ensuring the uninterrupted flow of goods to consumers and businesses worldwide.”
The report features examples of recent attacks across North America, Europe, Asia and Oceania. The “Manufacturing: Maintaining Stability As Cyber Threats Explode in Volume and Sophistication” report serves as a wake-up call for the industry. As cyber threats continue to evolve, so must our defenses.
To download a copy of KnowBe4’s Manufacturing Report, click here.
