More than three-quarters of manufacturing organizations harbor unpatched high-severity vulnerabilities in their systems, a study of the sector found.
New telemetry from SecurityScorecard shows a year-over-year increase in high-severity vulns in those organizations.
In 2022, some “76% of manufacturing organizations, SecurityScorecard observed unpatched CVEs on IP addresses our platform attributes to those organizations,” says Aleksandr Yampolskiy, co-founder and CEO of SecurityScorecard.
Nearly 40% of these organizations — which include metals, machinery, appliance, electrical equipment, and transportation manufacturing — suffered malware infections in 2022.
Almost half (48%) of critical manufacturing organizations received a ranking between “C” and “F” on SecurityScorecard’s security ratings platform.
The platform includes ten groups of risk factors, including DNS health, IP reputation, Web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence.
The severity of cyberattacks against manufacturers is noteworthy, Yampolskiy says.
“Many of these incidents have involved ransomware where the threat actor, usually in the form of a criminal group, sets out to make money through extortion,” he says. “While the ransomware problem is global, we’ve seen a rising number of attacks on critical infrastructure come from nation-state actors in pursuit of various geopolitical objectives.”
Meanwhile, incident response investigations by teams at Dragos and IBM X-Force overwhelmingly showed that the hottest operations technology (OT) target is the manufacturing sector, and the main weapon attacking these organizations is now ransomware.
Sophisticated state-sponsored actors such as Russia target several different critical infrastructure organizations across the US, from healthcare to