A new report on ransomware in manufacturing has revealed that in more than two-thirds of ransomware attacks against this sector, the adversaries successfully encrypted data. The report by Sophos is titled The State of Ransomware in Manufacturing and Production 2023.
This is the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.
However, in contrast to other sectors, the percentage of manufacturing organizations that used backups to recover data has increased, with 73 per cent of the manufacturing organisations surveyed using backups this year versus 58 per cent in the previous year. Despite this increase, the sector still has one of the lowest data recovery rates.
“Using backups as a primary recovery mechanism is encouraging, since the use of backups promotes a faster recovery. While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery,” said John Shier, field CTO, Sophos, “With 77 per cent of manufacturing organisations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.”
In addition, despite the growing use of backups, manufacturing and production reported longer recovery times this year. In 2022, 67 per cent of manufacturing organizations recovered within a week, while 33 per cent recovered in more than a week. This past year, only 55 per cent of manufacturing organizations surveyed recovered within a week.
“Longer recovery times in manufacturing are a concerning development. As we’ve seen in Sophos’ Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organizations needing assistance recovering from attacks. This extended recovery is negatively impacting IT teams, where 69 per cent report that addressing security incidents is consuming too much time and 66 per cent are unable to work on other projects,” John further said.
Sophos experts recommend the following best practices for organisations in manufacturing and across all other sectors:
- Strengthen defensive shields with:
- Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access [ZTNA] to thwart the abuse of compromised credentials
- Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
- 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response [MDR] provider
- Optimise attack preparation, including making regular backups, practising recovering data from backups and maintaining an up-to-date incident response plan
- Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations.