Why do cybercriminals target manufacturing companies?

Why do cybercriminals target manufacturing companies?

Cyberattacks on manufacturing companies are increasingly becoming more prevalent. In fact, according to the IBM X-Force Threat Intelligence Index 2021 report, manufacturing jumped from eighth place in 2019 to second place in 2020 in the most-attacked industries list. When it comes to ransomware, in particular, manufacturing also placed second among the industries that were targeted the most in 2020. So why are manufacturing companies heavily targeted by cybercriminals? Let's take a look at four common reasons:

Critical supply chain

In 2020, many organizations stepped up in response to the COVID-19 pandemic. This included manufacturers involved in the production of vaccines and personal protective equipment, which led to increased activity in the industry as a whole. To take advantage of the manufacturing industry when it was at its busiest and government and healthcare institutions were pouring money into it, cybercriminals pivoted to and even doubled their attacks on it.

High likelihood of paying ransom

Unplanned downtime is extremely costly for any manufacturing company, from those running electronics factories to steel mills to chemical plants. It can completely halt their operations, causing them to miss production targets, lose customers, and lose revenue. Industrial manufacturers, for instance, lose around $50 billion a year due to unplanned downtime.

In the event of a ransomware attack, manufacturers are more likely to pay a ransom because it is a small price to pay compared to the losses they will sustain due to downtime. This makes them attractive targets for cybercriminals.

Hold confidential information

Verizon’s 2021 Data Breach Investigations Report (DBIR) found that the second top motive of threat actors for attacking businesses in the manufacturing industry is espionage. This is because manufacturers hold technical trade secrets, intellectual property (e.g., schematics, blueprints, formulas), personal data, and other highly sensitive information.

Manufacturing companies reinvest an average of 4% of net sales back into research and development (R&D), the highest reinvestment rate across all industries. R&D findings give manufacturers a competitive advantage, which is why unscrupulous competitors try to steal them. In fact, the 2018 DBIR revealed that more than 30% of data breaches in the manufacturing industry involved intellectual property theft. The 2017 DBIR also showed that 90% of data stolen in the industry was intellectual property and R&D data.

Related reading: 3 Benefits of a modern ERP system to the manufacturing industry

Poor IT security

Manufacturing companies improve their operations by investing heavily in tech but tend not to invest in security. To make matters worse, there has also been a nearly 50% increase in vulnerabilities in industrial control systems (ICS), which manufacturers highly depend on. Alarmingly, Claroty’s Biannual ICS Risk & Vulnerability 1H 2021 Report discovered that ICS vendors fell behind in identifying and disclosing such vulnerabilities. Eighty-one percent of ICS vulnerabilities were flagged by third parties like academics and security researchers.

ICS networks are much more difficult to secure than common IT networks because most were built long before there were cyberthreats that targeted the former. In short, security was not considered in ICS network design. Furthermore, ICS networks lack security controls that grant visibility on the assets that are on the network and enable you to implement the necessary security measures. These networks also use specialized hardware, software, and network protocols, which are incompatible with common IT security solutions.

These security issues also make the manufacturing industry an easy target for cybercriminals.

Related reading: Find out about the MRP’s top benefits to manufacturers

Manufacturing companies need the help of IT specialists

Given the unique and demanding cybersecurity requirements of manufacturing companies, they must leverage the expertise of an IT specialist like SpectrumWise that has in-depth experience in working with manufacturers. With us at your side, you can expect optimized tech, reliable IT support, and effective security solutions. Schedule a consultation with us today.