Ironically for a segment steeped in innovation and technology, the manufacturing sector is the “least mature” when it comes to developing and maintaining security measures against ransomware, a new report from cybersecurity company Dragos has found.
Dragos’ “2021 Industrial Cybersecurity Year In Review” report found that in 2021 ransomware became the number one attack vector in the industrial sector. The company observed a surge in ransomware incidents targeting industrial control systems (ICS) and operational technology (OT) networks last year, with the manufacturing vertical receiving 65% of all ransomware attacks.
The report also found that two ransomware groups – Conti and Lockbit 2.0 – caused 51% of all ransomware attacks last year, with 70% of their malicious activity centred on manufacturing businesses.
Dragos’ report confirms the findings of another separate study by IBM, which was also released recently.
Dragos also offered a detailed breakdown of which manufacturing subsectors were hit the most by ransomware. Manufacturers involved in metal components were the most targeted by malware attempts, followed by those in automotive, plastics/technology (tie), packaging, and textiles.
According to Dragos’ researchers, the manufacturing vertical was the most exposed to ransomware because it was “often the least mature in their OT security defenses.” The report went on to note that many manufacturing organizations have glaring vulnerabilities, such as limited visibility into the infrastructure, fail to correctly segment network perimeters, have many devices with an external connection, and they have a large percentage of shared credentials between the enterprise network (IT) and the OT environment.
