Black Kite Research Reveals that 80% of Manufacturing Companies Have Critical Vulnerabilities
Black Kite’s team BRITE explored the likelihood of data breaches and cyberattacks on this critical industry
Boston, MA – October 2, 2024
Black Kite, the leader in third-party cyber risk intelligence, today published the 2024 report: The Biggest Third-Party Risks in Manufacturing, which revealed that a staggering 80% of manufacturing companies have critical vulnerabilities putting them at high risk for exploitation. In creating the report, the Black Kite Research Team (BRITE) examined nearly 5,000 companies across 10 sub-categories in the manufacturing industry, exploring the third-party risk landscape and the impacts of cyberattacks within the sector.
Rapid digital transformation in recent years has made manufacturing organizations prime targets for cyber attacks. Threat actors know that defense strategies have not kept pace with the rapidly expanding attack surface and these companies play critical roles within global supply chains. Attacks within manufacturing can result in cascading operational disruption and financial and reputational damage. When considering the potential for impact and the sector’s vulnerable state, it is no surprise that, according to Black Kite data, manufacturing was the top industry victimized by ransomware attacks over the analyzed one-year time period (April 2023-March 2024), with more than 1,000 victims confirmed. Industrial machinery manufacturing tops the list of ransomware victims in the space, followed by motor vehicle parts manufacturing, and pharmaceutical and medicine manufacturing.
“Due to its critical nature, the manufacturing industry is a prime target for bad actors to exploit. Although these organizations have invested substantially in protecting physical and operational technology, their expanding digital footprints are a point of weakness that must be addressed,” said Ferhat Dikbiyik, chief research and intelligence officer at Black Kite. “Organizations in this sector need to immediately take note of their high risk and fortify their cyber defenses to mitigate the chances of becoming the next ransomware statistic.”
A significant portion of the report highlights the top risks that are most often present when companies are compromised. Some of these findings include:
- 69% of companies analyzed have exposed credentials in the last 90 days.
- A significant portion of manufacturing companies have also had vulnerabilities from the CISA Known Exploited Vulnerabilities (KEV) catalog (67%) and broken crypto algorithms (62%).
- Most manufacturers analyzed applied good application security practices; however, 30% of companies have critical vulnerabilities in web applications that threat actors can exploit.
- Poor patch management is pervasive across the industry; 94% of companies in the furniture and related product manufacturing sub-industry scored a D or F in patch management, which means most of their assets are running vulnerable or out-of-date products.
“It is important to note that in manufacturing, many systems are integral to the production process and cannot be easily updated without potentially impacting operations. However, this does not justify exposing these systems to the internet, where they can become easy targets for cyberattacks,” Dikbiyik said. “Unfortunately, the machines we observed were indeed exposed, heightening the security risks for these organizations.”
The report also ranks manufacturing companies’ probability of a ransomware attack occurring using Black Kite’s Ransomware Susceptibility Index® (RSI™). Black Kite collects data from open source intelligence sources (OSINT) — internet scanners, hacker forums and sources on the deep/dark web and more — and then uses machine learning to make correlations with a company’s existing security controls to approximate potential risk for ransomware attacks. With its RSI score, a company can know the likelihood of an attack in minutes on a scale that ranges from 0.0 (lowest probability) to 1.0 (highest probability).
According to the report, every sub-industry in manufacturing examined averaged a 0.4 or greater RSI score, placing them in the critical category, meaning they are 3.4 times more likely to experience a ransomware attack. The risk is significantly higher in many subcategories. For instance, more than 60% of companies in both chemical manufacturing and transportation and equipment manufacturing fell into the critical category.
To learn more, visit the blog.
About Black Kite
Black Kite gives companies a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners, and suppliers in an ever-changing digital landscape.
Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating.
Black Kite serves more than 3,000 customers in a wide range of industries and has received numerous industry awards and recognition from customers.
Learn more at www.blackkite.com, on the Black Kite blog.
Media Contact:
Geena Pickering
Look Left Marketing