This is the highest rate of encryption in three years.
Sophos, a global leader in innovating and delivering cybersecurity as a service, has released a new sectoral survey report titled “The State of Ransomware in Manufacturing and Production 2023.” The report highlights a significant increase in data encryption during ransomware attacks on the manufacturing sector, with adversaries successfully encrypting data in over two-thirds [68%] of attacks. This encryption rate is the highest recorded in the sector over the past three years, reflecting a broader trend across various sectors where attackers are more frequently succeeding in encrypting data.
However, there is a positive shift in the manufacturing sector compared to other sectors when it comes to using backups for data recovery. The survey reveals that 73% of manufacturing organizations surveyed have employed backups to recover their data this year, a notable increase from 58% in the previous year. Despite this improvement, the manufacturing sector still faces challenges in data recovery and has one of the lowest data recovery rates.
Paying a Ransom Doubles the Costs of Recovery
John Shier, the field CTO at Sophos, acknowledges the encouraging trend of using backups as a primary recovery mechanism since it promotes faster recovery. The survey data indicates that paying a ransom doubles the costs of recovery, and with 77% of manufacturing organizations reporting lost revenue after a ransomware attack, it is crucial to prioritize earlier detection and response instead of resorting to ransom payments.
Interestingly, despite the growing adoption of backups, manufacturing and production organizations reported longer recovery times this year. In 2022, 67% of manufacturing organizations recovered within a week, whereas 33% took more than a week to recover. However, in the past year, only 55% of manufacturing organizations surveyed recovered within a week.
Extended recovery times in the manufacturing sector are concerning. Sophos’ Active Adversary reports, based on incident response cases, consistently show that manufacturing organizations require the most assistance in recovering from attacks. This prolonged recovery process negatively impacts IT teams, with 69% reporting that addressing security incidents consumes excessive time and 66% being unable to work on other projects.
To provide insights into the impact of ransomware attacks in the manufacturing sector, Sophos has released a three-part documentary series called “Think You Know Ransomware?” Episode 2 features an interview with the chief information security officer of Norsk Hydro, a major aluminum production company, discussing the aftermath and investigation of an attack against their organization.
Sophos experts recommend the following best practices for organizations in the manufacturing sector and across all sectors:
- Strengthen defensive measures with security tools that defend against common attack vectors, including robust endpoint protection with anti-exploit capabilities to prevent vulnerability exploitation, and implement Zero Trust Network Access [ZTNA] to counter the abuse of compromised credentials.
- Utilize adaptive technologies that automatically respond to attacks, disrupting adversaries and buying defenders time to respond effectively.
- Implement 24/7 threat detection, investigation, and response, either through an in-house team or by partnering with a specialist Managed Detection and Response [MDR] provider.
- Optimize attack preparation by regularly backing up data, practicing data recovery from backups, and maintaining an up-to-date incident response plan.
- Maintain good security hygiene by promptly patching vulnerabilities and regularly reviewing security tool configurations.
To access the full report on the State of Ransomware in Manufacturing and Production, visit Sophos.com. The survey was conducted among 3,000 IT/cybersecurity leaders from organizations with 100 to 5,000 employees, including 363 manufacturing and production organizations, across 14 countries in the Americas, EMEA, and Asia Pacific.