In recent times, cyberattacks targeting critical infrastructure have become all too frequent, with many of these incidents involving ransomware. Particularly, the manufacturing sector seems to be lagging behind when it comes to cyber resilience.

Some stats your way

A study by SecurityScorecard found that a large majority of critical manufacturing organizations in the Global 2000 Forbes list have unaddressed high-severity vulnerabilities in their systems.
  • A staggering number of manufacturing companies, more than 75%, have unaddressed high-severity vulnerabilities in their systems.
  • In 2022, a significant number of manufacturing organizations, nearly 40%, experienced malware infections. 
  • Additionally, almost half of the critical manufacturing organizations, 48%, received poor security ratings on SecurityScorecard's platform. The platform takes into account several key risk factors, including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching schedule.
  • The critical manufacturing sector witnessed a significant year-over-year rise of 38% in unpatched high-severity vulnerabilities, while 37% suffered malware infections. 

Advisories and reports underlining the trend

  • The CISA last week published multiple advisories warning the ICS industry of critical security vulnerabilities impacting products from GE Digital, Mitsubishi Electric, and Contec.
  • Another advisory warned against flawed products from Sewio, Siemens, Sauter Controls, and InHand Networks. 
  • In the same month, Trend Micro researchers spotted the Agenda ransomware group coming up with a new variant of its ransomware in Rust. It had been targeting manufacturing and IT sectors across several nations and made off with $550 million in profits. 

Securing medical device manufactures

  • The FDA, in December 2022, secured an omnibus package of $1.7 trillion that would allow the agency to implement medical device security requirements for manufacturers. 
  • This ensures that all new medical devices that are introduced to the market will be developed with the prerequisite security measures, on priority. As a result, all medical device submissions will have to include a software bill of materials and sufficient proof that the product can be updated and patched.

The bottom line

It is crucial for policymakers and business leaders to have a clear understanding of the security measures in place for their manufacturing environments. They should work toward a more collaborative and integrated approach to cybersecurity resilience, in a way that brings together the public and private sectors for protecting critical infrastructure around the world.
Cyware Publisher