Manufacturing reports highest average ransomware payment across all sectors

In Sophos’ new sectoral survey report: "The State of Ransomware in Manufacturing and Production", the company found that the manufacturing sector had the highest average ransom payment across all sectors – $2 036 189. In addition, 66% of manufacturing and production organisations surveyed reported an increase in the complexity of cyber attacks, and 61% reported an increase in the volume of cyber attacks when compared to the previous year’s survey. The increase in complexity and volume is also 7% and 4% higher than the cross-sector average, respectively.

“Ransomware continues to accelerate across all industries as criminals increase their levels of attack. Sophos takes this very seriously and commissioned an independent research company to undertake surveys among 5 600 IT professionals in mid-sized organisations across 31 countries, including 419 respondents from the manufacturing and production sector. The results are very sobering and should prompt organisations in these sectors to take a proactive approach to cyber security,” says Ross Anderson, Sophos Product Development Manager at Duxbury Networking.

“Manufacturing is an attractive sector to target for cyber criminals due to the privileged position it occupies in the supply chain. Outdated infrastructure and lack of visibility into the OT environment provides attackers with an easy way in and a launching pad for attacks inside a breached network. The convergence of IT and OT is increasing the attack surface and exacerbating an already complex threat environment,” says John Shier, senior security advisor, Sophos.

“While having reliable backups is an important part of recovery, today’s ransomware threat requires a detailed response plan that includes human-led threat hunting capabilities. Complex attacks require comprehensive protection, which, for many organisations, will include the addition of managed detection and response (MDR) teams who are trained to look for and neutralise active attackers,” says Shier.

While manufacturing and production had the highest average ransom payment, the percentage of organisations that actually paid the ransom was among the lowest across sectors (33% versus 46% for the cross-sector average).

Additional findings include:

• The manufacturing and production sector had the lowest attack rate;
• The percentage of manufacturing and production organisations hit by ransomware more than doubled over the previous year’s report;
• The sector also had the lowest encryption rate; and
• Only 75% of those surveyed reported having cyber insurance – the lowest percentage across all sectors.

Considering the survey findings, Sophos experts recommend the following best practices for all organisations across all sectors:

• Install and maintain high-quality defences across all points in the environment. Review security controls regularly and make sure they continue to meet the organisation’s needs.
• Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a managed detection and response (MDR) team.
• Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended detection and response (XDR) solutions are ideal for this purpose.
• Prepare for the worst and have an updated plan in place of a worst-case incident scenario.
• Make backups, and practise restoring them to ensure minimal disruption and recovery time.

For more information, contact Duxbury Networking, (+27) 011 351 9800, info@duxnet.co.za, www.duxbury.co.za.