In a recent sectoral survey report released by global cybersecurity leader Sophos, titled “The State of Ransomware in Manufacturing and Production 2023,” a disturbing trend has been identified as ransomware attacks on the manufacturing sector have reached their highest reported encryption rate in the past three years.
According to the survey, more than two-thirds (68%) of ransomware attacks against manufacturing organizations successfully encrypted critical data, leading to disruptions, data loss, and financial strain on the companies affected. This concerning figure is part of a broader cross-sector trend, indicating that attackers are increasingly succeeding in encrypting data across various industries.
The report highlights that while the percentage of manufacturing organizations using backups to recover their data has increased to 73% this year from 58% in the previous year, the sector still experiences one of the lowest data recovery rates. Despite the encouraging trend of using backups, recovery times in the manufacturing industry have grown longer compared to the previous year.
John Shier, Sophos’ field Chief Technology Officer, emphasized the importance of using backups as a primary recovery mechanism to promote faster recovery. He cautioned against paying ransoms, as the survey data revealed that doing so could double the costs of recovery. With 77% of manufacturing organizations reporting lost revenue after a ransomware attack, avoiding this added cost burden becomes essential. Shier stressed that early detection and response should be prioritized to mitigate the impact of ransomware attacks.
The extended recovery times experienced by the manufacturing sector are a cause for concern, as the report points out. Sophos’ Active Adversary reports, based on incident response cases, consistently show that the manufacturing sector requires the most assistance in recovering from attacks. The longer recovery duration negatively impacts IT teams, with 69% reporting that addressing security incidents consumes too much time, preventing them from working on other critical projects.
As part of its efforts to raise awareness about ransomware threats, Sophos has released a three-part documentary series titled “Think You Know Ransomware?” The series includes a detailed look at a large-scale ransomware attack against a major manufacturing company, Norsk Hydro, a leading aluminum production company. The interviews with the chief information security officer of Norsk Hydro shed light on the aftermath and investigation of the attack, offering valuable insights for other organizations.
In response to the survey findings, Sophos experts have recommended several best practices to enhance cybersecurity measures for manufacturing organizations and across all sectors:
- Strengthen defensive shields with robust security tools that can defend against common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials.
- Implement adaptive technologies that respond automatically to attacks, disrupting adversaries and providing defenders with valuable time to respond effectively.
- Maintain 24/7 threat detection, investigation, and response, either through in-house capabilities or by engaging a specialist Managed Detection and Response (MDR) provider.
- Optimize attack preparation, which includes regular backups, practicing data recovery from backups, and maintaining an up-to-date incident response plan.
- Emphasize good security hygiene, such as timely patching and periodic review of security tool configurations.
The full report “The State of Ransomware in Manufacturing and Production” can be downloaded from Sophos.com for those seeking a more in-depth understanding of the survey’s results.
The survey, which polled 3,000 IT/cybersecurity leaders in organizations with between 100 and 5,000 employees across 14 countries in the Americas, EMEA, and Asia Pacific, serves as a crucial reminder of the growing ransomware threat faced by the manufacturing sector. With attacks becoming more sophisticated and damaging, it is imperative for organizations to remain vigilant and adopt robust cybersecurity practices to safeguard their operations, data, and financial well-being.