When one operation or company in the chain gets attacked, it can lead to a domino effect and "cascading operational disruption and financial and reputational damage." In short — when threat actors target both manufacturing and supply chains, they get more bang for their buck if they succeed. Not just this, but out of the 5,000 companies that were examined, 80% of manufacturing companies have "critical" CVSS-rated vulnerabilities, 67% of which are already listed in the Known Exploited Vulnerabilities (KEV) catalog maintained by the Cybersecurity and Infrastructure Agency (CISA). "The manufacturing industry stands at a critical juncture, where the stakes of third-party risk have never been higher," the Black Kite researchers wrote. "Patch management is the first line of defense, yet it's widely neglected in this industry," Ferhat Dikbiyik, chief research and intelligence officer at Black Kite, tells Dark Reading. According to a study released by Black Kite, the manufacturing sector accounts for 21% of ransomware attacks and places manufacturing entities at a significantly high risk, making them more than three times as likely to suffer a ransomware attack. Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG. With a majority of these organizations having Internet-facing assets that are likely rife with vulnerabilities, Dikbiyik says this is low-hanging fruit for threat actors and must be addressed as quickly as possible. In the past year, the manufacturing industry has been the top target for ransomware groups, due to the sector's lack of technological advancement, even as its digital footprint continues to grow. "Cybersecurity doesn't have to be a barrier to innovation — it can be a growth enabler," Dikbiyik says. Improvements in cybersecurity and basics like patching aren't keeping pace with the manufacturing sector's rapid growth.
This Cyber News was published on www.darkreading.com. Publication date: Wed, 02 Oct 2024 13:00:10 +0000