Cybersecurity firm, Sophos, has revealed in its new sectoral survey report, ‘The State of Ransomware in Manufacturing and Production 2023’, that in more than two-thirds (68 per cent) of ransomware attacks against this sector, the adversaries successfully encrypted data.
Sophos described this as the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.
The report however, said in contrast to other sectors, the percentage of manufacturing organisations that used backups to recover data has increased, with 73 per cent of the manufacturing firms surveyed using backups this year versus 58 per cent in the previous year. It said despite this increase, the sector still has one of the lowest data recovery rates.
Field Chief Technical Officer, Sophos, John Shier, said: “Using backups as a primary recovery mechanism is encouraging since the use of backups promotes faster recovery. While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery.
“With 77 per cent of manufacturing organizations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.”
In addition, the report found that despite the growing use of backups, manufacturing and production reported longer recovery times this year. In 2022, 67 per cent of manufacturing organizations recovered within a week, while 33 per cent recovered in more than a week. This past year, only 55 per cent of manufacturing organisations surveyed recovered within a week.
“Longer recovery times in manufacturing are a concerning development. As we’ve seen in Sophos’ Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organizations needing assistance recovering from attacks.
This extended recovery is negatively impacting IT teams, where 69 per cent report that addressing security incidents is consuming too much time and 66 per cent are unable to work on other projects,” the report noted.
Sophos experts recommend the following best practices for organisations in manufacturing and across all other sectors; strengthening defensive shields with security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials; adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond; 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider.
Others need to optimise attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan and maintaining good security hygiene, including timely patching and regularly reviewing security tool configurations.