According to security solutions company Sophos, the manufacturing sector had the highest average ransom payment across all sectors at over $2 million. The production sector, on the other hand, pays an average of over $800,000. However, the two sectors had the lowest attack rate, tied with financial services, with only 55% of organizations surveyed targeted by ransomware.
Sophos’ sectoral survey report, “The State of Ransomware in Manufacturing and Production” showed that 66% of manufacturing and production organizations surveyed reported an increase in the complexity of cyber attacks, and 61% reported an increase in the volume of cyber attacks when compared to the previous year’s survey.
“Manufacturing is an attractive sector to target for cybercriminals due to the privileged position it occupies in the supply chain,” said John Shier, senior security advisor at Sophos. “Outdated infrastructure and lack of visibility into the OT environment provides attackers with an easy way in and a launching pad for attacks inside a breached network. The convergence of IT and OT is increasing the attack surface and exacerbating an already complex threat environment.”
The manufacturing and production sector also had the lowest encryption rate (57% vs 65% for the cross-sector average).
Only 75% of those surveyed reported having cyber insurance — the lowest percentage across all sectors.
In light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:
- Install and maintain high-quality defenses across all points in the environment. Review security controls regularly and makes sure they continue to meet the organization’s needs
- Proactively hunt for threats to identify and stop adversaries before they can execute attacks — if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
- Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
- Prepare for the worst, and have an updated plan in place of a worst-case incident scenario
- Make backups, and practice restoring them to ensure minimal disruption and recovery time