+1-877-297-7816

Manufacturing
 

 

Manufacturing has been experiencing an increase in financially motivated breaches in the past couple of years, but espionage is still a strong motivator. Most breaches involve phishing and the use of stolen credentials.


Frequency

352 incidents, 87 with confirmed data disclosure


Top 3 Partners 

Web Applications, Privilege Misuse, and Cyber-Espionage represent
71% of breaches


Threat Factor

External (75%), Internal (30%), Multiple parties (6%), Partner
(1%) (breaches)


Actor Motives

Financial (68%), Espionage (27%), Grudge (3%), Fun (2%) (breaches)


Data Compromised 

Credentials (49%), Internal (41%), Secrets (36%) (breaches)




Uncle Owen, this R2 unit has a financial motivator

For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in Manufacturing, and this year by a more significant percentage (40% difference). If this were in most any other vertical, it would not be worth mentioning as money is the reason for the vast majority of attacks. However, Manufacturing has experienced a higher level of espionage-related breaches than other verticals in the past few years. So, shall we conclude that James Bond and Ethan Hunt15 have finally routed their respective nemeses for good? Are we free to buy the world a Coke and teach it to sing in perfect harmony? Probably not. A more likely explanation is that some of our partners who typically provide data around cyber-espionage were either unable to participate this year or simply hap­pened to work other types of investigations. This may have contributed to a bias on those results, meaning the real percentage of cyber-espionage cases was higher in the wild. If the relative percentage of one type of case goes down, the result is an apparent upswing in the other.

 

  • Figure 53

Speaking to the web application attacks, this industry shares the same burden of dealing with stolen web­mail credentials as other industries. Most breach­es with a web application as a vector also featured a mail server as an affected asset. From an overall breach perspective, the use of stolen credentials and web applications were the most common hacking action and vector – see Figures 54 and 55.

  • Figure 54

     

  • Figure 55

Secrets and truths

The Cyber-Espionage pattern, while not as prominent as in past reports, is still an attack type that we recommend the Manufacturing industry defend against. The typical utilization of phishing attacks to convince users to install remote access tools that establish footholds and begin the journey towards stealing important competitive information from victims remains the same.

In keeping with the aforementioned rise in financially motivated attacks, the primary perpetrator when known is organized crime. With regard to data variety, there is a group of four data types that feature prominently in this industry. Credentials (49%) and Internal data (41%), stem from the webmail attacks – if a more specific data type is not known, Internal is used for compromised organizational emails. Secrets (36%) drop from previous heights commensurate to the reduction in espionage as a motive. The fourth amigo is Personal information (25%), a data type that includes employee’s W-2 information and other nuggets that can be used for identity theft.

Things to consider

Multiple factors work better than one

It is a good idea to deploy multiple factor authentication throughout all systems that support it, and discourage password reuse. These actions will definitely help mitigate the impact of stolen credentials across the organiza­tion. 

Recycling also applies for security

Regardless of motivation, a large number of breaches in this sector started with phishing or pretexting attacks. Providing employees with frequent security training opportunities can help reduce the likelihood they will be reeled in by one of those attacks. 

Workers must use safety equipment at all times

Unless inconvenient to do so – due to the prevalence of malware usage in the espionage breaches, it is advisable to deploy and keep up-to-date solutions that can help detect and stop those threats.

15 Old-school readers, feel free to substitute Rollin Hand as the pop culture reference here if preferred.