More than any other industry, manufacturing takes the brunt of ransomware attacks, and these attacks do not appear to be slowing down. Ransomware attacks against manufacturing and the other most-hit industries (e.g., professional, scientific and technical services) together accounted for more than 40% of all 2024 incidents. For those of us who work in manufacturing, it is important to understand why cybercriminals view manufacturing companies as easy targets. The industry has a long-standing reputation for approaching cybercrime with an “it can’t happen here” mentality. However, manufacturing operations have come to rely heavily on devices connected to the Internet of Things (IoT), which means that a single breach can compromise access to a myriad of critical controls and/or sensors.
But the ease with which cybercriminals are able to gain access to manufacturing systems is not the sole reason for attacks on the industry. When faced with the choice between protracted operational downtime and paying a ransom, many manufacturing companies decide to pay in order to avoid what they consider to be more substantial losses. These decisions are also made in an environment in which cybersecurity attacks have doubled over the previous three years. We have witnessed significant public attacks, such as the Colonial Pipeline attack, which led to widespread fuel shortages across the United States and demonstrated just how devastating attacks on critical infrastructure can be. We have seen downtime caused by ransomware attacks range from several hours to 129 days. How a manufacturing company responds to ransom demands is not a simple decision.
Moreover, many manufacturers operate a combination of legacy systems and newer technologies that are not seamlessly compatible. Legacy systems in particular are often not equipped with the most up-to-date security defenses that would shield them from sophisticated attacks. This is compounded by potential attacks on supply chains, which can throw timelines into disarray, leading to delays in customer orders and production. In addition, there are so many points of attack for cybercriminals to target that in-house cyber defense teams are overworked and outgunned.
The most crucial step that these companies can take is to obtain comprehensive visibility over their assets. This makes good sense—after all, if you are not aware of your vulnerabilities, how can you hope to mount a strong defense? But the biggest takeaway is that these companies will need to systematically rethink how they approach their cyber defenses. These attacks are not slowing down any time soon.