A staggering 80% of manufacturing companies have critical vulnerabilities, putting them at heightened risk of cyberattacks.
This was one of the findings of Back Kite’s 2024 report, The Biggest Third-Party Risks in Manufacturing. Black Kite is a third-party cyber risk intelligence business.
The findings stem from an analysis of nearly 5,000 companies across 10 manufacturing sub-industries, highlighting the extensive third-party risk landscape in the sector.
As manufacturing rapidly adopts digital technologies, it has become a prime target for cyberattacks. Cybercriminals are exploiting the sector’s expanding digital footprint, with defense strategies often lagging behind the growing attack surface. Given the sector’s role in global supply chains, attacks on manufacturers can cause operational disruptions, financial losses, and severe reputational damage.
Black Kite’s data reveals that manufacturing was the top industry victimized by ransomware between April 2023 and March 2024, with over 1,000 confirmed attacks. The industrial machinery manufacturing sector was hit hardest, followed by motor vehicle parts and pharmaceutical manufacturers.
Due to its critical nature, the manufacturing industry is a prime target for bad actors to exploit, said Ferhat Dikbiyik, Black Kite’s chief research and intelligence officer. He said despite the fact that these entities have invested heavily in protecting physical and operational technology, their growing digital footprints are a vulnerability that must be addressed.
They need to act now to strengthen their defenses against the escalating threat of ransomware.
Other Findings
The report highlights several risks frequently present when manufacturing companies are compromised. Among them:
- 69% of companies analyzed had exposed credentials in the last 90 days.
- 67% were vulnerable to attacks based on the CISA’s known exploited vulnerabilities (KEV) catalog.
- 62% of companies had broken cryptographic algorithms, compromising data security.
- 30% of companies had critical vulnerabilities in web applications, potentially exploitable by cybercriminals.
One of the most concerning revelations was the prevalence of poor patch management. In the furniture and related product manufacturing sub-industry, 94% of companies scored a D or F in patch management, meaning their systems are running outdated or vulnerable software.
“It is important to note that in manufacturing, many systems are integral to the production process and cannot be easily updated without potentially impacting operations. However, this does not justify exposing these systems to the internet, where they can become easy targets for cyberattacks,” Dikbiyik said. “Unfortunately, the machines we observed were indeed exposed, heightening the security risks for these organizations.”
Ransomware Susceptibility in Manufacturing
Black Kite’s Ransomware Susceptibility Index provided further insight into the likelihood of a ransomware attack across the manufacturing industry. The RSI score, ranging from 0.0 (lowest probability) to 1.0 (highest probability), uses open-source intelligence and machine learning to assess the risk for companies. Every subcategory in manufacturing averaged a 0.4 or higher RSI score, placing them in the critical risk zone with an increased likelihood of experiencing a ransomware attack.
Particularly vulnerable sectors included chemical manufacturing and transportation equipment manufacturing, where over 60% of companies fell into the critical category for ransomware risk.
As cyber threats grow more frequent and sophisticated, Black Kite’s research serves as a call to action for the manufacturing sector to strengthen its cyber defenses. For more information, visit the Black Kite blog.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.