Black Kite, a leading provider of third-party cyber risk intelligence, recently published the 2024 report: The Biggest Third-Party Risks in Manufacturing, which revealed that 80 percent of manufacturing companies have critical vulnerabilities putting them at high risk for exploitation. In creating the report, the Black Kite Research Team (BRITE) examined nearly 5,000 companies across 10 sub-categories in the manufacturing industry.
Rapid digital transformation in recent years has made manufacturing a prime target for cyber attacks. Threat actors know that defense strategies have not kept pace with the rapidly expanding attack surface and these companies play critical roles within global supply chains. Attacks within manufacturing can result in cascading operational disruption and financial and reputational damage.
When considering the potential for impact and the sector’s vulnerable state, it is no surprise that, according to Black Kite data, manufacturing was the top industry victimized by ransomware attacks over the analyzed one-year time period (April 2023-March 2024), with more than 1,000 victims confirmed. Industrial machinery manufacturing tops the list of ransomware victims in the space, followed by motor vehicle parts manufacturing, and pharmaceutical and medicine manufacturing.
Key findings of the report include:
- 69 percent of companies analyzed have exposed credentials in the last 90 days.
- A significant portion of manufacturing companies have also had vulnerabilities from the CISA known exploited vulnerabilities (KEV) catalog (67 percent) and broken crypto algorithms (62 percent).
- Most manufacturers applied good application security practices, but 30 percent of companies have critical vulnerabilities in web applications that threat actors can exploit.
- Poor patch management is pervasive across the industry, with 94 percent of companies in the furniture and related product manufacturing sub-industry scoring a D or F in patch management, which means most assets are running vulnerable or out-of-date products.
The report also ranks manufacturing companies’ probability of a ransomware attack occurring using Black Kite’s Ransomware Susceptibility Index® (RSI™). Black Kite collects data from open source intelligence sources (OSINT) — internet scanners, hacker forums and sources on the deep/dark web and more — and then uses machine learning to make correlations with a company’s existing security controls to approximate potential risk for ransomware attacks. With its RSI score, a company can know the likelihood of an attack in minutes on a scale that ranges from 0.0 (lowest probability) to 1.0 (highest probability).
According to the report, every sub-industry in manufacturing examined averaged a 0.4 or greater RSI score, placing them in the critical category, meaning they are 3.4 times more likely to experience a ransomware attack. The risk is significantly higher in many subcategories. For instance, more than 60 percent of companies in both chemical manufacturing and transportation and equipment manufacturing fell into the critical category.
The full blog can be viewed by clicking here..