Manufacturing facilities are an important part of the fabric of the U.S. economy, producing some of our most iconic brands. But an increasing amount of cybercrime could introduce more risk to the sector, according to our new research.
For the third year in a row, the IBM X-Force Threat Intelligence Report ranked manufacturing as the most-attacked industry by cybercriminals. The sector’s low tolerance for downtime has historically made it an attractive target for cybercriminals seeking to apply pressure for financial gains.
In fact, last year, manufacturers accounted for more than 25% of security incidents, with malware attacks – primarily ransomware – making up the majority of those incidents. In the constantly shifting threat landscape, this trend calls for security fundamentals to remain an essential component of manufacturers’ security strategy.
The X-Force report also reveals that in attacks on critical infrastructure organizations, 85% of incidents could have been mitigated with patching, multi-factor authentication or least-privilege principles. Not only does this highlight the impact of basic security practices, but it also illustrates the complex challenges that critical sectors like manufacturing must navigate to secure their environments.
Why Hack in When You Can Just Log in?
Threat actors are continuously seeking the path of least resistance to carry out their attacks, and those cracks are often found in the areas that organizations struggle to secure effectively. In the U.S. alone, 42% of cyberattacks observed last year were caused by cybercriminals simply logging into enterprise environments through valid accounts. This reaffirms the challenge organizations face with dynamically securing users accessing more data than ever before across distributed environments. It also mirrors a global trend, wherein X-Force saw a 71% increase in attacks caused by using valid accounts.
When it comes to attacks on the manufacturing sector, the largest impact observed was credential harvesting, confirming threat actors’ interest in collecting credentials that can provide them with access to high-value data. X-Force saw a 266% rise in infostealing malware, which is designed to obtain credentials for email, social media and messaging apps, banking details and more, highlighting that threat actors are continuing to invest in innovative ways to obtain access to user identities via credentials.
We anticipate that these challenges will persist as cybercriminals begin employing generative AI for identity-based attacks. Just as businesses seek to leverage AI to summarize data, cybercriminals may turn to it for data distillation, putting AI to work with the troves of compromised data they’ve collected to identify the best targets for an attack.
Time for a Security Checkup
The complexity of today’s networks – combined with user access needs and the spread of data across hybrid, multi-cloud environments – makes mitigating these risks a challenging task. Cybersecurity experts on my team say it’s never been more critical for organizations to carefully examine their networks and user access structure to ensure they’re operating with sound security fundamentals.
Fortunately, there are important actions that manufacturers can take to safeguard their networks from identity-based attacks, which are a leading cause of breaches. These include the following:
Stress-test your system: Organizations should frequently stress-test environments for potential exposures and develop incident-response plans for when—not if—a security breach occurs. The stress tests that X-Force conducted in 2023 for clients revealed that identification and authentication failures (e.g. weak password policies) were the second-most observed security risk.
Leverage AI: AI-enabled behavioral analytics and biometrics tools are increasingly useful as a form of verification. Habits like typing speed and keystrokes are just a few examples of behavioral analytics that can verify a unique user is, in fact, legitimate. AI-powered technologies can also help detect and investigate signs of compromised credentials and other malicious behavior.
Enforce multi-factor authentication (MFA) for users: Organizations can strengthen their credential management practices to protect system or domain credentials by implementing MFA and strong password policies, including the use of passkeys, and by leveraging hardened system configurations to make accessing credentials more difficult.
As cyber threats continue to evolve, vigilance is necessary. It’s critical that manufacturing companies understand both the new attack surface and the increasingly malicious tactics of cybercriminals. By strengthening your organization’s cyber preparedness, you help protect its ability to flourish in the future.
Michelle Alvarez, part of IBM’s X-Force Strategic Threat Analysis team, brings nearly 20 years of cybersecurity experience to her role, specializing in threat research and communication. In her current role, she focuses communications efforts around strategic threat and impact assessments for X-Force Incident Response and Threat Intelligence clients.