Verizon: Increase in Error-Related Breaches in Manufacturing
Verizon Business has announced the results of its 17th annual Data Breach Investigations Report. This report, which analysed 8,302 security incidents in Europe, Africa and the Middle East (EMEA) has highlighted a rise in error-related breaches across industries including global manufacturing.
The report found that more than 72% of security breaches are confirmed breaches, with 49% being initiated internally, indicating high incidences of human errors and privilege misuse. The top causes of cybersecurity incidents were social engineering, miscellaneous errors and system intrusion, accounting for 87% of all breaches.
The most common type of compromised data is personal data, rather than internal data or user credentials. This highly sensitive information is desirable to cyber criminals because they can use it to successfully extort companies. Manufacturing remains the most attacked industry sector due to its possession of sensitive data and disjointed security infrastructure.
Globally it was found that 14% of breaches emerged due to exploited vulnerabilities, increasing since last year. This spike can be explained by the increasing number of ransomware actors engaging in zero-day exploits. A notable example of this is the MOVEit breach, a widespread exploitation of a zero-day vulnerability.
“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to enterprises, due in no small part to the interconnectedness of supply chains,” said Alistair Neil, EMEA Senior Director of Security, Verizon Business “Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues.”
According to the Known Exploited Vulnerabilities (KEV) catalogue by the Cybersecurity Infrastructure and Security Agency (CISA) shows that it takes organisations 55 days on average to remediate half of their critical vulnerabilities following available patches. Meanwhile, the median time for detecting mass exploitations of known vulnerabilities online is only five days.
AI has not contributed to security vulnerabilities and threats to the extent some experts had predicted. Though AI’s use to socially engineer sensitive corporate data is a growing concern, threat actors haven’t yet had to advance this approach due to companies not addressing existing vulnerabilities. The vast majority of breaches, 68%, involve a non-malicious human action. These include people falling prey to social engineering or making an error. A remedy to this has been improved reporting practices. In the Verizon report, 20% of users identified and reported phishing in simulations.
- Top patterns include system intrusion, social engineering and basic web application attacks represent 83% of breaches
- Actor motives were financial (97%), espionage (3%)
- Top patterns include system intrusion, social engineering and basic web application attacks represent 83% of breaches
- Data compromised of credentials (28%), other (40%), personal (58%), internal (25%)
- There were 2,305 incidents, 805 with confirmed data disclosure
- Manufacturing has seen an increase in error-related breaches. The installation of malware after hacking via the use of stolen credentials is commonplace.
“The persistence of the human element in breaches shows that organisations in EMEA must continue to combat this trend by prioritising training and raising awareness of cybersecurity best practices. However, the increase in self-reporting is promising and indicates a cultural shift in the importance of cybersecurity awareness among the general workforce” said Sanjiv Gossain, EMEA Vice President, Verizon Business.
The solution? Manufacturing needs to enhance its cybersecurity posture, developing meaningful strategies to mitigate its risks and pursue digital transformation safely and effectively.
******
Make sure you check out the latest edition of Manufacturing Digital and also sign up to our global conference series - Procurement & Supply Chain 2024 & Sustainability LIVE 2024
******
Manufacturing Digital is a BizClik brand.