Written by: Ferhat Dikbiyik, Chief Research & Intelligence Officer

Manufacturing companies are in the crosshairs of cybercriminals, with ransomware attacks as the number one threat to the industry. In our 2024 Report: The Biggest Third-Party Risks in Manufacturing, we analyzed 1,039 manufacturing companies across 10 sub-industries and found the sector accounts for 21% of all ransomware attacks globally. While these figures reveal the urgent need for individual companies to shore up their defenses, it’s essential to recognize that manufacturing companies do not operate in isolation—they exist within an intricate web of supply chains, where a disruption to one player can have cascading effects on others. 

Consider this: a ransomware attack on one of your key suppliers can stop your operations in their tracks. If a supplier responsible for microchips, preservatives, or critical machinery parts is taken offline, your own company might not be able to continue production. Even if you have no direct ransomware attack on your systems, you’re vulnerable to supply chain delays that can ripple throughout the network.

This means third-party risk management (TPRM) is not just a priority but a necessity for manufacturing companies that want to avoid catastrophic operational and financial consequences. Fixing your own vulnerabilities is essential, but if your key suppliers are compromised, your production lines and supply chain will suffer just as much.

A Chain is Only as Strong as Its Weakest Link

Why is the manufacturing industry such a hotbed for ransomware activity? Our findings indicate that 67% of manufacturing companies have vulnerabilities listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. These are known vulnerabilities actively targeted by threat actors. If these go unchecked in your supply chain, your company may face operational disruptions, even if you’ve taken steps to secure your own systems.

For example, imagine you’re a food manufacturer relying on a supplier for metal cans. If that supplier is hit by ransomware, it can delay or prevent the packaging of your products, leading to missed deliveries and spoiled goods. Or consider an electronics manufacturer that relies on a supplier for microchips—an attack on the supplier could grind your production to a halt, leaving you unable to meet your customers’ demand.

Real-World Examples of Supply Chain Disruption

To contextualize just how consequential these unchecked risks can be, here are real-world examples of how ransomware attacks on manufacturers and their suppliers have caused significant operational and financial disruptions throughout the supply chain.

  1. Clorox (2023): A ransomware attack on Clorox disrupted its IT infrastructure, causing product shortages that rippled through the supply chain. The attack forced Clorox to shut down its automated systems and switch to manual operations, significantly slowing down production and resulting in widespread product unavailability for retailers and consumers, particularly for high-demand products. The recovery process, which extended over weeks, showcased the broader impact of cyberattacks on supply chains and consumer markets.
  2. Norsk Hydro (2019): The 2019 LockerGoga ransomware attack on aluminum giant Norsk Hydro halted production at several of its global facilities and cost the company approximately $71 million. The company had to switch from automated to manual operations, leading to significant delays in manufacturing and delivery of aluminum products. This affected industries that depend on Norsk Hydro’s aluminum, such as automotive, construction, and packaging, causing delays and shortages in their own supply chains. The incident highlighted the interconnectedness of global supply chains and the severe impact a single cyberattack can have across multiple industries.
  3. Lacroix Electronics (2023): Lacroix, a French electronics manufacturer, temporarily shut down three of its production sites following a ransomware attack. The shutdown of production over the course of a week created bottlenecks, impacting both Lacroix’s internal processes and its downstream partners.
  4. Acer (2021): Acer was hit by a $50 million ransomware attack in March 2021, launched by the REvil group. The attackers gained access to Acer’s systems and demanded payment in cryptocurrency to provide a decryption key and avoid leaking sensitive data. As a major player in electronics manufacturing, disruptions at Acer affected the availability of critical components, which in turn impacted other companies reliant on Acer for parts.

In each case, it wasn’t just the ransomed companies facing operational chaos—real, time-sensitive challenges fell on the businesses that relied on them for critical supplies and components. These dependent companies had to navigate the cascading effects of disrupted supply chains, from raw material shortages to delayed shipments. So ransomware isn’t just an internal issue for the company dealing with the attack firsthand. It’s a third-party risk management (TPRM) problem for companies relying on the compromised supplier.

Proactive Steps to Secure Your Supply Chain

In 2023, the MOVEit Transfer vulnerability exposed hundreds of organizations, including manufacturers, to ransomware attacks. The CLOP ransomware group exploited a software flaw, leading to widespread disruptions in industries ranging from logistics to production. This incident demonstrates the importance of scrutinizing third-party software tools—any weak link in the supply chain could be an entry point for cybercriminals, potentially affecting your entire business.

One effective way to manage this is by leveraging tools like Black Kite’s Ransomware Susceptibility Index® (RSI™), which measures how likely a company or supplier is to suffer a ransomware attack. This allows you to assess not only your own company’s risk but also the risk posed by your third-party vendors. With these insights, you can take proactive steps to address vulnerabilities in your supply chain before they become costly breaches.

Conclusion: Securing the Entire Ecosystem

The findings from our report should serve as a wake-up call to manufacturing companies. It’s not enough to secure your own systems—you must ensure that your supply chain is secure. Ransomware attacks and cyber vulnerabilities within your third-party vendors pose a significant risk to your operations.

By taking a proactive, comprehensive approach to third-party risk management, you can mitigate these risks and ensure business continuity, protecting not only your operations but also the entire supply chain on which you depend.

Want to learn how your company and its third-party vendors stack up in terms of ransomware susceptibility and cyber risk? Schedule a demo with Black Kite today and take the first step toward securing your manufacturing operations.

References:

https://www.industryweek.com/technology-and-iiot/article/21274431/the-clorox-co-recovers-from-severe-cyberattack

https://news.microsoft.com/source/features/digital-transformation/hackers-hit-norsk-hydro-ransomware-company-responded-transparency

https://www.securityweek.com/lacroix-closes-production-sites-following-ransomware-attack/amp

https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/amp
