In 2020, ransomware actors demanded $17 million from a laptop maker and $34 million from a Taiwanese electronics contract company. The past two years have also delivered major disruptions for supply chains. The pandemic pushed supply chain attack issues front-and-center, with disruptions up 67% in 2020 and problems expected to persist as global markets adjust to the ‘new normal’.

With these two areas now among the top targets for cyber criminals, what lies ahead? Check out our top stories from the world of manufacturing and supply chain IT security in 2021. Here, you’ll find clues on what to expect and tips for how you can better protect your business.

Quick Briefs: Top Manufacturing/Supply Chain Insights

Threat Actors’ Most Targeted Industries in 2020: Finance, Manufacturing and Energy
7-Minute Read 🕒

In March, IBM Security’s annual X-Force Threat Intelligence Index found manufacturing is now one of the most targeted industries for cyber attacks. Ranked as the eighth most attacked in the 2019 report, it jumped to second place in 2020. It received 17.7% of all attacks on the top 10 industries — more than double the 8.1% of attacks it faced the year prior. This may be driven by the interest malicious actors have in targeting infrastructure with connections to operational technology (OT).

The manufacturing sector, where every minute of downtime is costly, also faced a high proportion of ransomware attacks. Threat actors sought to disrupt work in places with high pressure to pay a ransom. The report found 21% of ransomware attacks happen against manufacturing, while four times more business email compromise (BEC) attacks hit manufacturing companies than in any other industry.

Manufacturing Cybersecurity Threats and How to Face Them
3-Minute Read 🕒

OT and the Industrial Internet of Things (IIoT) are becoming more attractive to manufacturers looking to gain crucial insights into the way their operations are functioning. But there’s a downside. Many OT assets aren’t ready to defend against today’s threats. Some of those assets are decades-old legacy systems that use proprietary protocols to talk to one another. As such, they can’t easily receive remote updates unless the owners take them offline. But doing that threatens the uptime of their physical processes. This makes it difficult for businesses to keep these assets secure as they go online via the ongoing IT-OT convergence. No doubt this contributes to the growth of digital threats confronting the industry.

Luckily, it’s possible to overcome these challenges. Business leaders just need to bring IT and OT together with a bit of care. Read this article to find out about best practices you can adopt to combat these risks.

The Weaponization of Operational Technology
8-Minute Read 🕒

As we’ve noted previously, OT threats are on the rise. And of all the attack types IBM X-Force has observed against OT entities, ransomware is the leader. In fact, nearly one-third of all attacks X-Force observed against groups with OT networks in 2021 have been ransomware.

Read this blog to learn about measures you can take to enhance security for OT networks. It’s based on insights gained from the X-Force Red pen testing team, as well as X-Force incident response’s work assisting OT clients.

Supply Chain Attack: What It Is (and What to Do About It)
4-Minute Read 🕒

Increasing reliance on digital supply chain solutions has set the stage for increasing supply chain attacks. This article examines what enterprises need to know about supply chain threats. It also examines some of the most notable 2021 supply chain attacks. In one notable instance, DevOps tool provider Codecov disclosed that threat actors compromised their Bash script uploader. This allowed the attackers to capture information stored by Codecov customers in continuous integration environments. Third-party researchers also found that attackers might have been able to “raid additional resources” and gain access to user credentials. This could, in turn, lead to even larger breaches.

Read this article to find out about some of the most common supply chain threat vectors. How can you help reduce the risk of supply chain threats?

What Biden’s Cybersecurity Executive Order Means for Supply Chain Attacks
5-Minute Read 🕒

On May 12, 2021, President Joe Biden signed an executive order to modernize cybersecurity defenses and protect federal networks. To be precise, the order forces organizations to consider cybersecurity throughout their supply chain and within their vendor population. It covers a wide range of issues, including sharing threat information, public/private partnership and closer teamwork with federal partners.

The order puts the onus on the federal government to take at least some responsibility for protecting digital systems. In addition, it sets up working groups and takes existing National Institute of Standards and Technology (NIST) guidelines as formal instructions for some government agencies.

Read the full story to find out more about the contents of the executive order. Plus, why are attackers focusing on supply chains? Lastly, see how to better secure your business against supply chain attacks.

REvil Ransomware Gang Launches Major Supply Chain Attack Through Kaseya
6-Minute Read 🕒

On July 2, 2021, Kaseya notified customers of a compromise affecting the company’s VSA product in a way that poisoned the product’s update mechanism with malicious code. VSA is a remote monitoring and management tool for networks and endpoints intended for use by enterprise customers and managed service providers. Although it was at first believed that attackers targeted only 50 companies using VSA on-premises, the evolving case revealed more potential victims. Numbers climbed to 1,500 to 2,000 companies likely exposed to downstream impact by this major attack. Find out more about how the attackers got in, who was impacted and what was done to respond.

More on the Status of Manufacturing IT Security

In September, Varonis released its 2021 Manufacturing Data Risk Report. They analyzed a random sample of Data Risk Assessments for 50 industrial manufacturers and engineering companies. From there, they could determine how data becomes exposed and at risk. The report found every employee can access, on average, six million files on their first day on the job, and four in 10 organizations have 1,000+ sensitive files open to every employee.

Also in September, Sophos released its State of Ransomware in Manufacturing and Production 2021 report. This was based on the findings from an independent survey of 5,400 IT decision-makers, including 438 in the manufacturing and production sector, conducted at the start of 2021. The report found ransomware hit 36% of the groups surveyed in 2020.

Finally, NTT’s 2021 Global Threat Intelligence Report (GTIR) revealed that the manufacturing industry saw a 300% increase in worldwide cyberattacks in 2020.
