A cybersecurity incident will cost the Brunswick Corporation as much as $85 million, the company’s CEO told investors last week.
The billion-dollar boating manufacturing firm announced a cyberattack on June 13 that impacted their systems and some of their facilities. The company brought in nearly $6 billion in revenue in 2021 and operates in 24 countries.
Brunswick officials did not confirm that the incident was a ransomware attack but said they were forced to stop operations in some locations while experts and law enforcement dealt with the incident.
During the company’s earnings call last week, CEO Dave Foulkes told investors and board members that the attack had a devastating effect on the company’s Q2 financial outlook.
Foulkes explained that the “IT security incident” caused “second quarter financial results that were lower than initial expectations.” After announcing the incident, it took the company nine days to get back up and running — critical time lost for a manufacturing company of Brunswick’s size.
I am regularly inundated with cybercrime reports, and they all have at least two data points in common: ransomware is one of the most popular attack types used by threat actors (read: cybercriminals), and the manufacturing industry is one of the most popular targets for ransomware attacks.
Verizon’s 2023 Data Breach Investigations Report (DBIR) contains a wealth of well-presented information including explainers for anyone interested in cybersecurity, and it validates these points. Ransomware was present in 15.5% of all cybercrime incidents included in the study, with only denial of service (DoS) attacks topping it on the list. And where an incident resulted in a successful breach, 24% of those breaches involved a ransomware attempt, second only to use of stolen credentials.
Manufacturing, according to the DBIR, saw the fourth-largest number of incidents behind the public administration, information and finance industries, in that order. And these cybercriminals don’t have political or social motives, they just want cash. Financial motivations dictated a whopping 96% of bad actors’ motives when they attacked the manufacturing sector.
Why is the manufacturing sector so popular a target?
Cybersecurity reports on industrial cybercrime often imply that these are fresh threats, raising another question: How long has this gone on? Is this actually new or is there hype at play (considering the companies presenting these reports usually have cybersecurity products on offer)?
Manufacturers Often Pay Ransoms
A big reason why manufacturing is such a target: Manufacturers often pay when attacked because even small incursions can have huge repercussions.
The larger the constituency affected by a ransomware attack, the more likely a victim pays ransoms. In manufacturing, a successful attack may cause tremendous and cascading amounts of damage if it targets critical plant equipment. Supply chain fragility creates long-reaching ripple effects when cyberattacks succeed on these targets. Taking a few production lines down for even a few days could have serious effects on meeting production and distribution targets.
“If a manufacturing line is brought down, there’s an immediate impact to a larger audience. Consider the impact to customers that an attack on Colonial Pipeline caused. To avoid impact to their customers, and to keep the service level agreements that manufacturers have with their supply chain, they have been known to agree to pay the ransom, which encourages bad guys to target them more,” says Ryan Cloutier, president of SecurityStudio.
Swedish-Swiss robotics and automation major ABB Ltd. recently faced a cybersecurity incident that disrupted operations. The Zurich-headquartered company – which was until 2020, Switzerland’s largest industrial employer, says that the security incident directly affected certain locations and systems and that work is in progress to contain the same.
Eike Christian Meuter, group spokesperson at ABB, tells ETCISO that to address the situation, the company “has taken, and continues to take, measures to contain the incident.”
These measures, he says, resulted in some disruptions to its operations which the company is addressing. “The vast majority of its systems and factories are now up and running and ABB continues to serve its customers in a secure manner,” says Meuter.