Statistics
Research by SecurityScorecard shows that the vast majority of essential manufacturing organizations on the Forbes Global 2000 list have unpatched high-severity vulnerabilities in their systems.
- Over 75% of manufacturing organizations have high-severity vulnerabilities in their systems that have not been patched.
- In 2022, nearly 40% of manufacturing companies reported malware infections, which is a considerable percentage.
- Around half of the critical manufacturing organizations (48%) received low security ratings. The platform considers a number of important risk criteria, including DNS health, IP reputation, network security, web application security, leaked information, hacker chatter, endpoint security, and patching schedule.
- Unpatched high-severity vulnerabilities increased by 38% in the critical industrial sector year over year, and 37% of companies experienced malware infestations.
Underlining the Trend
- Last week, CISA published numerous advisories cautioning the ICS industry of critical security flaws impacting products from organizations like GE Digital, Mitsubishi Electric, and Contec.
- Another advisory warned of flawed products from Sewio, Siemens, Sauter Controls, and InHand Networks.
Advisories and Reports Underlining the Trend
CISA last week published multiple advisories warning the ICS industry of critical security vulnerabilities impacting products from GE Digital, Mitsubishi Electric, and Contec. Another advisory warned against flawed products from Sewio, Siemens, Sauter Controls, and InHand Networks.
During the same month, researchers from Trend Micro identified the Agenda ransomware group developing a new version of its ransomware in Rust. The group has been targeting the manufacturing and IT sectors in multiple countries and made off with $550 million in earnings.
The rising number of cyberattacks against critical infrastructure has made it necessary for policymakers and business professionals to have an in-depth understanding of the security measures in place for their manufacturing environments. Organizations are advised to strive for a more collaborative and integrated approach to cybersecurity resilience that brings together the public and commercial sectors to safeguard critical infrastructure across the world.