I am regularly inundated with cybercrime reports, and they all have at least two data points in common: ransomware is one of the most popular attack types used by threat actors (read: cybercriminals), and the manufacturing industry is one of the most popular targets for ransomware attacks.
Verizon’s 2023 Data Breach Investigations Report (DBIR) contains a wealth of well-presented information including explainers for anyone interested in cybersecurity, and it validates these points. Ransomware was present in 15.5% of all cybercrime incidents included in the study, with only denial of service (DoS) attacks topping it on the list. And where an incident resulted in a successful breach, 24% of those breaches involved a ransomware attempt, second only to use of stolen credentials.
Manufacturing, according to the DBIR, saw the fourth-largest number of incidents behind the public administration, information and finance industries, in that order. And these cybercriminals don’t have political or social motives, they just want cash. Financial motivations dictated a whopping 96% of bad actors’ motives when they attacked the manufacturing sector.
Why is the manufacturing sector so popular a target?
Cybersecurity reports on industrial cybercrime often imply that these are fresh threats, raising another question: How long has this gone on? Is this actually new or is there hype at play (considering the companies presenting these reports usually have cybersecurity products on offer)?
Manufacturers Often Pay Ransoms
A big reason why manufacturing is such a target: Manufacturers often pay when attacked because even small incursions can have huge repercussions.
The larger the constituency affected by a ransomware attack, the more likely a victim pays ransoms. In manufacturing, a successful attack may cause tremendous and cascading amounts of damage if it targets critical plant equipment. Supply chain fragility creates long-reaching ripple effects when cyberattacks succeed on these targets. Taking a few production lines down for even a few days could have serious effects on meeting production and distribution targets.
“If a manufacturing line is brought down, there’s an immediate impact to a larger audience. Consider the impact to customers that an attack on Colonial Pipeline caused. To avoid impact to their customers, and to keep the service level agreements that manufacturers have with their supply chain, they have been known to agree to pay the ransom, which encourages bad guys to target them more,” says Ryan Cloutier, president of SecurityStudio.