Outsourcing Cybersecurity & The Fight Against Ransomware
In the ‘State of Cyber Defense: Manufacturing Cyber Resilience report’ released recently by Kroll Cyber Risk business, ransomware was identified by 34% of industry professionals as their biggest concern.
This is despite the fact that business email compromise is a more frequent threat.
“The threat we see the industry facing most often – BEC – is difficult to manage in that it can target multiple departments, from HR to finance," says Laurie Iacono, North America Threat Intel Lead, Cyber Risk at Kroll.
“Having control and visibility over vast networks can be challenging, especially when a company needs to rely on its employees as its first line of defence."
Ransomware is arguably the most damaging form of cyberattack, having a profound financial, legal and operational impact on organisations.
Nowhere is this more prominent than in the manufacturing sector, where it’s the top threat for 34% of organisations, making it the second most targeted industry after healthcare.
Cybercriminals know downtime and disruption have a profound financial cost for the sector, causing delayed production schedules, compromised product quality and missed delivery deadlines.
All of these factors make manufacturers more likely to pay up to regain control of their systems.
They also know they have a higher likelihood of causing long-term damage, with 50% of ransomware attacks towards manufacturers causing serious operational disruptions.
The average cost of downtime due to ransomware attacks is estimated to be around US$250,000 per hour.
The average cost of recovery from a ransomware attack in the manufacturing industry is estimated to be around US$1.52m, though it can be far higher than this.
Norsk Hydro, a global aluminium manufacturer, suffered a ransomware attack in 2019 that cost them more than US$40m in lost revenue, productivity and data.
An unfortunate factor heightening manufacturers' vulnerabilities to cyberattacks is the implementation of IIoT and the rise of interconnected systems.
When embracing new technological frontiers, it’s critical to remember that this isn’t just a new opportunity for manufacturers.
It's also a new opportunity for the threat actors that seek to compromise them.
Cybercriminals are by their very nature opportunistic and adaptive, constantly evolving to bypass advanced cybersecurity protections, compromise new devices and exploit emerging technologies.
For this reason, it's essential manufacturers implement robust cybersecurity protections and practices across their organisation when implementing IIoT.
Visibility across departments and systems is critical, as organisational cybersecurity is ultimately a community aim and responsibility.
Manufacturing operations today are complex, with substantial opportunities for compromise.
“While many industries can have sprawling or siloed networks, the scale of modern manufacturing businesses is immense;” says Laurie.
“Today’s manufacturers can operate millions of interconnected systems and services reliant on an IT infrastructure that is especially susceptible to cyberattack."
- 88% of manufacturing firms outsource some IT security services, with only 12% managing everything in-house, compared to 23% of all respondents
- Despite progress, 25% of manufacturing respondents still only have basic security capabilities like monitoring
- Manufacturing firms lead in threat detection and response, with 11% categorised as Trailblazers, versus the 4% average
- Manufacturing organisations typically have smaller IT security teams and fewer security platforms, often relying on outsourcing
- Email compromise is the most common threat, representing nearly half (49%) of incidents, with phishing links being the primary method of initial access
As is evident above, manufacturers are dedicating time, money and effort into improving their cybersecurity posture.
The higher percentage of companies recognised as threat detection trailblazers speaks to this, as do figures surrounding cybersecurity investment.
Global spending in the area by the manufacturing sector is set to soar to US$18bn by 2025, up from US$10bn in 2020.
Another notable statistic is how many manufacturers rely on outsourcing their cybersecurity due to smaller internal teams and resources.
Laurie notes the surface contradiction here, emphasizing how this highlights the benefits of outsourcing to cybersecurity.
“It is interesting that an industry that utilises the most mature threat detection and response capabilities also outsources the most,” she says.
“This speaks to many of the benefits of outsourcing in that one can access and manage best-of-breed security protection relatively easily.”
For manufacturers to stay secure they must stay engaged and aware, constantly upping and evolving their level of security.
Outsourcing provides a critical means to do so- and perhaps is part of why manufacturers are leading in threat detection.
Manufacturers must remain vigilant against ransomware, and all other cybersecurity threats, as they pursue the best methods to enhance their overall cybersecurity posture.
******
Make sure you check out the latest edition of Manufacturing Digital and also sign up to our global conference series - Procurement & Supply Chain 2024 & Sustainability LIVE 2024
******
Manufacturing Digital is a BizClik brand.
- Sophos’ report explores ransomware’s impact on manufacturingTechnology
- How manufacturers can safeguard from ransomware attacksProcurement & Supply Chain
- What manufacturers must consider when looking at the cloudProcurement & Supply Chain
- Manufacturing sector most impacted by global sanctions and tariffsSmart Manufacturing