A new survey by Sophos has shown that more than two-thirds (68%) of ransomware attacks against the manufacturing sector have successfully encrypted data.
The State of Ransomware in Manufacturing and Production 2023 noted that 68 percent is the highest reported encryption rate for the sector over the past three years and aligns with the broader cross-sector trend of attackers more frequently succeeding in encryption data.
However, manufacturers have also responded swiftly to the spate of attacks. The percentage of manufacturers using backups to recover data is on the rise, according to the Sophos survey. 73 percent of manufacturing organisations that responded to the survey this year said they use backups. This is higher than 58 percent in the previous year. The increase, nonetheless, the manufacturing sector still has one of the lowest data recovery rates.
“Using backups as a primary recovery mechanism is encouraging, since the use of backups promotes a faster recovery. While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery,” said John Shier, field CTO, Sophos. “With 77 percent of manufacturing organizations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.”
The report found that the most common cause of the attacks was compromised credentials used in 27 percent of the reported incidents. Attackers also found a way by exploiting vulnerabilities. This accounted for 24 percent of incidents. 41 percent of manufacturers said malicious emails or phishing was the root cause of the attack.
While manufacturers are increasing the use of backups, they are reporting longer recovery times this year. In 2022, 67 percent of manufacturing organisations recovered within a week, while 33 percent recovered in more than a week.
Shier describes longer recovery times in manufacturing as a concerning development.
“As we’ve seen in Sophos Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organisantions needing assistance recovering from attacks. This extended recovery is negatively impacting IT teams, where 69 percent report that addressing security incidents is consuming too much and 66 percent are unable to work on other projects,” he said.
Nevertheless, about 34 percent of manufacturers said they are less likely to pay ransom to get their data back. But 73 percent of those who paid the ransom are using backups for data recovery.
Also, the proportion of manufacturing organisations paying higher ransoms has increased since Sophos’ study in 2022. 40 percent paid a ransom between $100,000 and $999,999 in 2022 compared to 29 percent who paid this amount in 2021.
Read also: What to know about new Data Protection Bill
Sophos recommended the use of security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials.
Manufacturers can also use adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond.
Finally, they can also deploy 24/7 threat detection, investigation, and response whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider.