Manufacturing
NAICS 31-33

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

  • Frequency

     

    2,337 incidents, 338 with confirmed data disclosure

    Top patterns

     

    System Intrusion, Basic Web Application Attacks, and Social Engineering represent 88% of breaches

    Threat actors

     

    External (88%), Internal (12%), Partner (1%) (breaches)

    Actor motives

     

    Financial (88%), Espionage (11%), Grudge (1%), Secondary (1%) (breaches)

    Data compromised

     

    Personal (58%), Credentials (40%), Other (36%), Internal (14%) (breaches)

    Top IG1 protective controls

     

    Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4)

    What is the same?

     

    System intrusion and Basic Web Application Attacks continue to be among the main patterns this industry faces.

    Summary

     

    Manufacturing continues to be a lucrative target for espionage, but is also increasingly being targeted by other criminals via the use of Denial of Service attacks, credential attacks and Ransomware.

  • Patterns

     

    5-Year difference

     

    3-Year difference

    Basic Web Application Attacks

     

    Greater

     

    Greater

    Social Engineering

     

    Less

     

    Less

    System Intrusion

     

    Greater

     

    Greater

  • Pattern

     

    Difference with peers

     

     

    System Intrusion

     

    Greater

     

     

    Basic Web Application Attacks

     

    Greater

     

     

    Social Engineering

     

    Less

     

     

  • Manufacturing, with its hum of machinery churning out the key components that make our modern life possible, continues to be a valued target for espionage (mostly due to recent indiscriminate supply chain attacks covered in a previous section). However, it has also become a lucrative target for financially motivated criminals looking to make a quick dollar. 

  • In previous reports, Manufacturing was largely targeted for their juicy schematics and secrets. For example, in 2016 over 55% of the incidents in this vertical involved Espionage (Figure 93), but that has been lower over the last few years. Or, conversely, the spies have upped their game to the point that they are no longer exposed. 

     

    DoSing against the machine

    For an industry where availability equals productivity, it’s interesting to see the yo-yo pattern that has been taking place with DoS attacks over the years. While DoS attacks initially reached its former peak in the 2018 report (over 40% of incidents), it’s been increasing since 2019 and now accounts for approximately 70% of incidents, which puts it more in line with what we see in other industries. This rise of DoS, while unlikely to prevent those key assets from actually running the manufacturing process, is still worth keeping in mind as integration increases between the OT side of the house and the IT side.  

    With regard to the breaches impacting this sector, one can find the usual suspects, such as stolen credentials (39%), Ransomware (24%) and Phishing (11%) demonstrated in Figure dcc3e261. These types of breaches appear to be impacting everyone regardless of industry. Implementing safeguards, such as the ones listed in the At a Glance table, should be a priority for this vertical. Otherwise, you might find your organization unexpectedly seizing up due to a certain someone with an anime girl avatar. 

Let's get started.