More than two-thirds or 68% of ransomware attacks against the manufacturing sector have resulted in encrypted data , the highest reported encryption rate for the industry over the past three years, according to a recent Sophos report.
This is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data. However, in contrast to other sectors, the percentage of manufacturing companies that used backups to recover data has increased, with 73% of those surveyed using backups this year versus 58% in the previous year. Despite this increase, the sector still has one of the lowest data recovery rates.
“Using backups as a primary recovery mechanism is encouraging, since the use of backups promotes a faster recovery. While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery,” said John Shier, field CTO, Sophos. “With 77% of manufacturing organisations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.”
Sophos polled 363 organisations in manufacturing and production, across 14 countries in the Americas, EMEA and Asia Pacific as part of its “The State of Ransomware 2023” survey, which interviewed 3,000 IT/cybersecurity leaders in companies with between 100 and 5,000 employees.
Longer recovery times
Despite the growing use of backups, manufacturing and production reported longer recovery times this year. In 2022, 67% of those surveyed within the sector recovered within a week, while 33% recovered in more than a week. This past year, only 55% of manufacturing respondents recovered within a week.
“Longer recovery times in manufacturing are a concerning development. As we've seen in Sophos' Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organisations needing assistance recovering from attacks,” said Shier.
“This extended recovery is negatively impacting IT teams, where 69% report that addressing security incidents is consuming too much time and 66% are unable to work on other projects.”
John Shier, Sophos
Meanwhile, Sophos provides a look at a large-scale ransomware attack against a manufacturing company in its newly released three-part “Think You Know Ransomware?” documentary series. In episode 2, the cybersecurity technology providers interviews the chief information security officer of Norsk Hydro, a major aluminum production company, to learn about the aftermath and investigation of the attack against the company.
Sophos experts recommend the following best practices for organizations in manufacturing and across all other sectors:
- Strengthen defensive shields with:
- Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
- Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
- 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
- Optimise attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
- Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations