Virtualization Technology News and Information
Black Kite Research Reveals that 80% of Manufacturing Companies Have Critical Vulnerabilities

Black Kite published the 2024 report: The Biggest Third-Party Risks in Manufacturing, which revealed that a staggering 80% of manufacturing companies have critical vulnerabilities putting them at high risk for exploitation. In creating the report, the Black Kite Research Team (BRITE) examined nearly 5,000 companies across 10 sub-categories in the manufacturing industry, exploring the third-party risk landscape and the impacts of cyberattacks within the sector. 

Rapid digital transformation in recent years has made manufacturing organizations prime targets for cyberattacks. Threat actors know that defense strategies have not kept pace with the rapidly expanding attack surface and that these companies play critical roles within global supply chains. Attacks within manufacturing can result in cascading operational disruption and financial and reputational damage. When considering the potential for impact and the sector's vulnerable state, it is no surprise that, according to Black Kite data, manufacturing was the top industry victimized by ransomware attacks over the analyzed one-year time period (April 2023-March 2024), with more than 1,000 victims confirmed. Industrial machinery manufacturing tops the list of ransomware victims in the space, followed by motor vehicle parts manufacturing, and pharmaceutical and medicine manufacturing.

"Due to its critical nature, the manufacturing industry is a prime target for bad actors to exploit. Although these organizations have invested substantially in protecting physical and operational technology, their expanding digital footprints are a point of weakness that must be addressed," said Ferhat Dikbiyik, chief research and intelligence officer at Black Kite. "Organizations in this sector need to immediately take note of their high risk and fortify their cyber defenses to mitigate the chances of becoming the next ransomware statistic." 

A significant portion of the report highlights the top risks that are most often present when companies are compromised. Some of these findings include:

  • 69% of companies analyzed have exposed credentials in the last 90 days.
  • A significant portion of manufacturing companies have also had vulnerabilities from the CISA Known Exploited Vulnerabilities (KEV) catalog (67%) and broken crypto algorithms (62%).
  • Most manufacturers analyzed applied good application security practices; however, 30% of companies have critical vulnerabilities in web applications that threat actors can exploit.
  • Poor patch management is pervasive across the industry; 94% of companies in the furniture and related product manufacturing sub-industry scored a D or F in patch management, which means most of their assets are running vulnerable or out-of-date products.

"It is important to note that in manufacturing, many systems are integral to the production process and cannot be easily updated without potentially impacting operations. However, this does not justify exposing these systems to the internet, where they can become easy targets for cyberattacks," Dikbiyik said. "Unfortunately, the machines we observed were indeed exposed, heightening the security risks for these organizations."

The report also ranks manufacturing companies' probability of a ransomware attack occurring using Black Kite's Ransomware Susceptibility Index (RSI). Black Kite collects data from open source intelligence sources (OSINT) - internet scanners, hacker forums and sources on the deep/dark web and more - and then uses machine learning to make correlations with a company's existing security controls to approximate potential risk for ransomware attacks. With its RSI score, a company can know the likelihood of an attack in minutes on a scale that ranges from 0.0 (lowest probability) to 1.0 (highest probability). 

According to the report, every sub-industry in manufacturing examined averaged a 0.4 or greater RSI score, placing them in the critical category, meaning they are 3.4 times more likely to experience a ransomware attack. The risk is significantly higher in many subcategories. For instance, more than 60% of companies in both chemical manufacturing and transportation and equipment manufacturing fell into the critical category. 

Published Wednesday, October 02, 2024 8:55 AM by David Marshall