Manufacturing has been experiencing an increase in financially motivated breaches in the past couple of years, but espionage is still a strong motivator. Most breaches involve phishing and the use of stolen credentials.


    352 incidents, 87 with confirmed data disclosure

    Top 3 Partners 

    Web Applications, Privilege Misuse, and Cyber-Espionage represent
    71% of breaches

    Threat Factor

    External (75%), Internal (30%), Multiple parties (6%), Partner
    (1%) (breaches)

    Actor Motives

    Financial (68%), Espionage (27%), Grudge (3%), Fun (2%) (breaches)

    Data Compromised 

    Credentials (49%), Internal (41%), Secrets (36%) (breaches)

    Uncle Owen, this R2 unit has a financial motivator

    For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in Manufacturing, and this year by a more significant percentage (40% difference). If this were in most any other vertical, it would not be worth mentioning as money is the reason for the vast majority of attacks. However, Manufacturing has experienced a higher level of espionage-related breaches than other verticals in the past few years. So, shall we conclude that James Bond and Ethan Hunt15 have finally routed their respective nemeses for good? Are we free to buy the world a Coke and teach it to sing in perfect harmony? Probably not. A more likely explanation is that some of our partners who typically provide data around cyber-espionage were either unable to participate this year or simply hap­pened to work other types of investigations. This may have contributed to a bias on those results, meaning the real percentage of cyber-espionage cases was higher in the wild. If the relative percentage of one type of case goes down, the result is an apparent upswing in the other.


  • Figure 53
  • Speaking to the web application attacks, this industry shares the same burden of dealing with stolen web­mail credentials as other industries. Most breach­es with a web application as a vector also featured a mail server as an affected asset. From an overall breach perspective, the use of stolen credentials and web applications were the most common hacking action and vector – see Figures 54 and 55.

  • Figure 54


  • Figure 55
  • Secrets and truths

    The Cyber-Espionage pattern, while not as prominent as in past reports, is still an attack type that we recommend the Manufacturing industry defend against. The typical utilization of phishing attacks to convince users to install remote access tools that establish footholds and begin the journey towards stealing important competitive information from victims remains the same.

    In keeping with the aforementioned rise in financially motivated attacks, the primary perpetrator when known is organized crime. With regard to data variety, there is a group of four data types that feature prominently in this industry. Credentials (49%) and Internal data (41%), stem from the webmail attacks – if a more specific data type is not known, Internal is used for compromised organizational emails. Secrets (36%) drop from previous heights commensurate to the reduction in espionage as a motive. The fourth amigo is Personal information (25%), a data type that includes employee’s W-2 information and other nuggets that can be used for identity theft.

  • Things to consider

    Multiple factors work better than one

    It is a good idea to deploy multiple factor authentication throughout all systems that support it, and discourage password reuse. These actions will definitely help mitigate the impact of stolen credentials across the organiza­tion. 

    Recycling also applies for security

    Regardless of motivation, a large number of breaches in this sector started with phishing or pretexting attacks. Providing employees with frequent security training opportunities can help reduce the likelihood they will be reeled in by one of those attacks. 

    Workers must use safety equipment at all times

    Unless inconvenient to do so – due to the prevalence of malware usage in the espionage breaches, it is advisable to deploy and keep up-to-date solutions that can help detect and stop those threats.

15 Old-school readers, feel free to substitute Rollin Hand as the pop culture reference here if preferred.