Verizon: Increase in Error-Related Breaches in Manufacturing

Verizon report highlights rise in error-related breaches in supply chain manufacturing, highlighting security vulnerabilities of digital transformation

Verizon Business has announced the results of its 17th annual Data Breach Investigations Report. This report, which analysed 8,302 security incidents in Europe, Africa and the Middle East (EMEA) has highlighted a rise in error-related breaches across industries including global manufacturing.

The report found that more than 72% of security breaches are confirmed breaches, with 49% being initiated internally, indicating high incidences of human errors and privilege misuse.  The top causes of cybersecurity incidents were social engineering, miscellaneous errors and system intrusion, accounting for 87% of all breaches.

The most common type of compromised data is personal data, rather than internal data or user credentials. This highly sensitive information is desirable to cyber criminals because they can use it to successfully extort companies. Manufacturing remains the most attacked industry sector due to its possession of sensitive data and disjointed security infrastructure. 

Globally it was found that 14% of breaches emerged due to exploited vulnerabilities, increasing since last year. This spike can be explained by the increasing number of ransomware actors engaging in zero-day exploits. A notable example of this is the MOVEit breach, a widespread exploitation of a zero-day vulnerability.

“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to enterprises, due in no small part to the interconnectedness of supply chains,” said Alistair Neil, EMEA Senior Director of Security, Verizon Business “Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues.”

According to the Known Exploited Vulnerabilities (KEV) catalogue by the Cybersecurity Infrastructure and Security Agency (CISA) shows that it takes organisations 55 days on average to remediate half of their critical vulnerabilities following available patches. Meanwhile, the median time for detecting mass exploitations of known vulnerabilities online is only five days. 

AI has not contributed to security vulnerabilities and threats to the extent some experts had predicted. Though AI’s use to socially engineer sensitive corporate data is a growing concern, threat actors haven’t yet had to advance this approach due to companies not addressing existing vulnerabilities. The vast majority of breaches, 68%, involve a non-malicious human action. These include people falling prey to social engineering or making an error. A remedy to this has been improved reporting practices. In the Verizon report, 20% of users identified and reported phishing in simulations.

Verizon Report: Supply Chain Manufacturing's Cybersecurity Stats
  • Top patterns include system intrusion, social engineering and basic web application attacks represent 83% of breaches
  • Actor motives were financial (97%), espionage (3%)
  • Top patterns include system intrusion, social engineering and basic web application attacks represent 83% of breaches
  • Data compromised of credentials (28%), other (40%), personal (58%), internal (25%)
  • There were 2,305 incidents, 805 with confirmed data disclosure
  • Manufacturing has seen an increase in error-related breaches. The installation of malware after hacking via the use of stolen credentials is commonplace.

“The persistence of the human element in breaches shows that organisations in EMEA must continue to combat this trend by prioritising training and raising awareness of cybersecurity best practices. However, the increase in self-reporting is promising and indicates a cultural shift in the importance of cybersecurity awareness among the general workforce” said Sanjiv Gossain, EMEA Vice President, Verizon Business.

The solution? Manufacturing needs to enhance its cybersecurity posture, developing meaningful strategies to mitigate its risks and pursue digital transformation safely and effectively. 

Make sure you check out the latest edition of Manufacturing Digital and also sign up to our global conference series - Procurement & Supply Chain 2024 & Sustainability LIVE 2024
Manufacturing Digital is a BizClik brand.


Featured Articles

PwC: Here’s how Manufacturers can Effectively Implement AI

PwC’s whitepaper, with insights from GMIS Head Badr Al-Olama, gives manufacturers a framework for strategic AI implementation throughout the value chain

Immensa and Intaj Suhar partner to boost Omani manufacturing

MENA’s leading digital manufacturer Immensa has partnered with Intaj Suhar to enhance Oman’s localised manufacturing through digital inventory solutions

Bain & Company Report: OEMs and Digital Transformation

Bain & Company report urges original equipment manufacturers to embrace digital solutions and shift to a customer-focused mindset to stay competitive

The Factory of the Future: Manufacturers' Biggest Challenges

Smart Manufacturing

Dassault Systèmes Bring AR Manufacturing Showcase to London

Smart Manufacturing

Join Belden for a Free Webinar on Connected Plant Floor Data

Production & Operations