In Sophos’ new sectoral survey report, ‘The State of Ransomware in Manufacturing and Production,’ the company found that the manufacturing sector had the highest average ransom payment across all sectors — $2,036,189. In addition, 66% of manufacturing and production organisations surveyed reported an increase in the complexity of cyberattacks, and 61% reported an increase in the volume of cyberattacks compared with the previous year’s survey. Those two figures are also seven and four percentage points higher than the cross-sector average, respectively.
“Ransomware continues to accelerate across all industries as criminals increase their levels of attack. Sophos takes this very seriously and commissioned an independent research company to undertake surveys amongst 5,600 IT professionals in mid-sized organisations across 31 countries, including 419 respondents from the manufacturing and production sector. The results are very sobering and should prompt organisations in these sectors to take a proactive approach to cybersecurity,” says Ross Anderson, Sophos Product Development Manager at Duxbury Networking.
“Manufacturing is an attractive sector to target for cybercriminals due to the privileged position it occupies in the supply chain. Outdated infrastructure and lack of visibility into the OT environment provides attackers with an easy way in and a launching pad for attacks inside a breached network. The convergence of IT and OT is increasing the attack surface and exacerbating an already complex threat environment,” says John Shier, senior security advisor, Sophos.
“While having reliable backups is an important part of recovery, today’s ransomware threat requires a detailed response plan that includes human-led threat hunting capabilities. Complex attacks require comprehensive protection, which, for many organisations, will include the addition of managed detection and response (MDR) teams who are trained to look for and neutralise active attackers,” says Shier.
While manufacturing and production had the highest average ransom payment, the percentage of organisations that actually paid the ransom was among the lowest across sectors (33% versus 46% for the cross-sector average).
Additional findings include:
- The manufacturing and production sector had the lowest attack rate.
- The percentage of manufacturing and production organisations hit by ransomware more than doubled over the previous year’s report.
- The sector also had the lowest encryption rate.
- Only 75% of those surveyed reported having cyber insurance — the lowest percentage across all sectors.
Considering the survey findings, Sophos experts recommend the following best practices for all organisations across all sectors:
- Install and maintain high-quality defences
across all points in the environment. Review security controls regularly
and make sure they continue to meet the organisation’s needs.
- Proactively hunt for threats to identify and stop adversaries before they can execute attacks — if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team.
- Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose.
- Prepare for the worst, and keep an up-to-date incident response plan in place for a worst-case scenario.
- Make backups, and practise restoring them to ensure minimal disruption and recovery time.