Cyberattacks continued to plague businesses in 2021, but companies in the manufacturing sector took most of the brunt, a new report from IBM has found.
IBM has noted in its latest iteration of its Security X-Force Threat Intelligence Index that manufacturing had outpaced finance and insurance in the number of cyberattacks suffered for 2021 – the sector’s first time in five years. The tech company noted that cyberattacks launched against manufacturers have further extended current global supply chain woes, and ransomware gangs have capitalized on operational stressors that have been made worse thanks to the pandemic.
In the US and Canada, cyberattacks against manufacturers represented 28% of all cyberattacks in the North American region in 2021. By comparison, IBM said that the second-highest targeted sector, professionals and business services, was the target of 15% of cyberattacks in 2021, and in third place, retail and wholesale accounted for 11% of all cyberattacks last year.
Manufacturing was not just the most cyber attacked industry in North America, but also in Europe (25%) and Latin America (22%). Meanwhile, finance and insurance were the top industry victims of cyberattacks in 2021 for Asia (30%) and the Middle East and Africa (48%) regions.
In a breakdown of the types of vectors used to launch cyberattacks against the manufacturing industry, IBM said that 47% of the vectors involved a vulnerability exploitation by hackers, while another 40% involved phishing attacks against employees. The remaining vectors include using infected removable media (7%), stolen credentials (3%), and brute force entry (3%).
IBM also noted in its report that about one in four (23.2%) cyberattacks on the manufacturing sector are from ransomware.
To mitigate the impact of these cyber risks and better secure networks against threat actors, IBM has recommended that organizations develop a response plan for ransomware; implement multifactor authentication on remote access points to a network; adopt a layered approach that combines user education, email software security, malware detection, etc. to combat phishing; and refine their vulnerability management system.