Manufacturing
NAICS 31-33

Summary

This industry, like many others, is beset by Social Engineering attacks. Manufacturing also saw a marked rise in Ransomware related breaches.

Frequency

585 incidents, 270 with confirmed data disclosure

Top Patterns

System Intrusion, Social Engineering, and Basic Web Application Attacks represent 82% of breaches

Threat Actors

External (82%), Internal (19%), Multiple (1%) (breaches)

Actor Motives

Financial (92%), Espionage (6%), Convenience (1%), Grudge (1%), Secondary (1%) (breaches)

Data compromised

Personal (66%), Credentials (42%), Other (36%), Payment (19%) (breaches)

Top IG1 Protective Controls

Security Awareness and Skills Training (14), Access Control Management (6), Secure Configuration of Enterprise Assets and Software (4)

As we confronted our organic almond milk and toilet paper shortages this past year, we were reminded of the real implications of continuous strain on factories and the manufacturing supply chain. Certain areas in this vertical faced some very unique and difficult challenges in 2020 due to the demand created by the pandemic. Even so, the Manufacturing sector was still not given a free pass by the threat actors who are not known for their magnanimity. 

However, the challenges faced from a cybercrime perspective were not unique. In fact, Manufacturing suffered most from the same devious trio of System Intrusion, Social Engineering, and Basic Web Application Attacks as did our overall breach dataset.

The scenarios play out in Figure 110, which illustrates the top Actions taken in each step of the breach. Threat actors were more likely to use a Social attack (75.4% were Phishing), or a Hacking attack (79.5% were Use of stolen credentials) to gain the initial foothold. From there, either additional Credentials would be compromised and utilized, or Malware would be installed.

On that note, Ransomware played a significantly increased role in Malware associated breaches (61.2%) in relation to previous years. This is likely attributable to the continued rise of “name and shame” tactics of Ransomware actors. In those cases, we can be sure the data has been compromised as well as rendered inaccessible in place. 

Personal data was the most compromised data type in this sector, possibly also related to increased automation and the ease of attack. This data type (mostly consisting of customer PII) overtook Credentials, thus breaking the statistical tie we saw between them last year. This suggests more Actors are achieving their final goals, since Credentials breaches happen naturally as an attacker moves within an environment.