Sophos has released the State of Ransomware in Manufacturing and Production 2023, a report based on a survey of 363 IT/cybersecurity professionals across 14 countries working in the manufacturing and production sector.
Here are some insights from the survey.
Rate of attack and data encryption in manufacturing
One of the headline findings in the report is that the rate of attacks in manufacturing remains level, but data encryption is more frequent than ever: 56% of manufacturing organizations were hit by ransomware in the last year, compared to 55% in the 2022 survey. However, the rate of data encryption following an attack is now at its highest level in three years, with over two-thirds (68%) of the attacks resulting in data being encrypted.
Furthermore, manufacturing organizations were less able to stop encryption than ever before: only one in four attacks (27%) could be stopped before data was encrypted, indicating that adversaries are getting smarter.
In 32% of cases where data was encrypted, data was also stolen, suggesting this “double dip” method of data encryption and data exfiltration is becoming commonplace.
Root causes of attacks in manufacturing
Compromised credentials were the most common root cause, used in 27% of attacks reported by manufacturing organizations, closely followed by exploited vulnerabilities, which were the cause of 24% of incidents.
Furthermore, 41% reported malicious emails or phishing as the root cause of an attack. With the cross-sector average coming in at 30%, these findings indicate that manufacturing and production is particularly exposed to email-based attacks.
Ransom payments by manufacturing organizations
Manufacturing reported a low propensity to pay the ransom to get data back (34%), while a far larger share of organizations (73%) used backups for data recovery. Encouragingly, the use of backups for data recovery increased by 15 percentage points from the 58% reported a year before.
While this is a welcome improvement, manufacturing has the lowest rate of data recovery (88% got back encrypted data vs. the 97% cross-sector average), suggesting that the sector should continue to focus on strengthening backup use.
The proportion of manufacturing organizations paying higher ransoms has increased from our 2022 study, with 40% paying a ransom between $100,000 and $999,999 vs. 29% who paid this amount the year before. In addition, 20% reported payments of $1 million or more compared to just 8% the year prior.
Mitigating the ransomware risk
Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
Strengthen defensive shields, including:
Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
24/7 threat detection, investigation, and response – whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
Optimize attack preparation, including making regular backups, practicing recovering data from backups, and maintaining an up-to-date incident response plan.
Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations.
About the survey
Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 363 in the manufacturing and production sector. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.