Ransomware Attacks in Manufacturing Pose An Increasing Threat
Cyberattacks are a constant threat to organizations of all sizes. Manufacturing and production industries may have experienced fewer cyberattacks than other industries, but companies are still at risk from bad actors. To gain a better understanding of the current attack environment and track changes over time in ransomware trends, Aunalytics security partner Sophos commissioned an independent, vendor-agnostic survey of 5,600 IT professionals in mid-sized organizations across 31 countries. Out of all the respondents, 419 were from the manufacturing and production industry. This survey was conducted in January and early February of 2022. While it’s true cyber insurance has been playing a greater role in helping organizations improve their ability to recover from attacks, survey responses clearly indicate the rising threat ransomware poses to the manufacturing industry.
Cyberattacks Are Up From Previous Year
Ransomware attacks have increased significantly over the past year—55% of manufacturing and production organizations surveyed were hit by an attack in 2021, up 36% from 2020. Bad actors are now considerably more capable of attacking businesses and executing harmful tactics at scale. The Ransomware-as-a-Service model is one cause of this year’s increased attacks, as the required skill level for bad actors to hamper the day-to-day operations of an organization has gone down significantly.
Apart from the rising prevalence of these attacks, the sheer complexity of each attack is also on an upwards trajectory. While the manufacturing and production industry reported the lowest rate of ransomware attacks, but, with over half of all respondents in all surveyed industries reporting that their company was been injured by bad actors, the reality is that every organization is at high risk of attack. In 2021, 57% of attacks in the manufacturing and production industry resulted in important data being encrypted. Additionally, 59% percent of organizations who experienced cyberattacks saw the complexity of the attacks increase, while 61% saw an increase in the overall volume of cyberattacks.
Data Recovery Rates Are Improving
While the increase in cyberattacks paints a bleak picture, there is a silver lining to this dark cloud. 96% of manufacturing and production organizations were able to get some of their encrypted data back. The top method used to restore data was backups, which were used by 58% of organizations whose data was encrypted in an attack. Unfortunately, despite the utilization of backups, a third of the effected organizations still had to pay a ransom to ensure that more their data was restored.
Unfortunately, while paying a ransom typically allows organizations to get some data back, it is proving to be less effective than in years past. On average, in 2021, organizations that paid a ransom only got back 59% of their data, and only 7% of those that paid the ransom got ALL of their data back. This highlights the importance of employing multiple methods to restore data—utilizing backups in particular can improve the speed of recovery and increase the amount of data that can be recovered in the event of an attack.
Ransom Payments Have Increased
The average ransom pay-out has seen an exponential increase from what was reported in 2020 data, rising from an average of $147K (USD) to a jaw-dropping $2,036,189 (USD) in 2021.
Ransomware Has a Massive Impact on a Company’s Financial Status and Operational Capacity
Even when some of the encrypted data is restored after a cyber-attack, there are additional costs in the form of lost productivity and a decline in operational capacity, which can have a considerable impact on your company. Of those hit by ransomware last year, 77% said their most significant attack impacted their ability to operate, while 71% said it caused them to lose business and/or revenue. The average cost to remediate an attack in 2021 was $1.23M (USD), down from $1.52M (USD) in 2020. This was due in part to cyber insurance providers being able to better guide victims through an effective response more rapidly.
Although there have been improvements in total recovery time over the years, it still took, on average, one week for manufacturing and production organizations to fully recover from the most significant attacks.
Despite the huge economic costs of ransomware attacks, many organizations are continuing to put their faith in defenses that don’t actually prevent ransomware—only more quickly mitigate its effects. Most of the organizations in the survey who weren’t hit by ransomware in the past year and didn’t expect to be hit in the future cited backups and cyber insurance as reasons why they don’t anticipate an attack. It’s important to note that neither of these elements can actually prevent cyber-attacks.
Simply having security mitigation resources in place does not mean that they will be effective against malicious attacks. Despite having ample resources—in both personnel and technology—organizations will not achieve a high return on investment without a combination of the right technology and expertise to use the technology effectively.
Cyber Insurance Drives Changes to Cyber Defenses
Thankfully, organizations do not have to shoulder the burden of ransomware costs all on their own. The survey found that three out of four manufacturing and production organizations had insurance against ransomware attacks. Organizations that had been previously hit by ransomware attacks in the past were much more likely to have cyber insurance coverage against ransomware. However, many respondents indicated that securing coverage has changed or gotten more difficult to obtain in the past year:
- 56% said the level of cybersecurity they need to qualify is now higher
- 53% said policies are now more complex
- 42% said it is more expensive
- 35% said fewer companies offer cyber insurance
- 30% said the process takes longer
As a result, 97% of organizations that have cyber insurance have made changes to their cyber defenses to improve their cyber insurance position. 70% have implemented new technologies and services, while 63% have increased staff training and educational activities, and 59% have changed processes and behaviors.
But It Doesn’t End There
The State of Ransomware 2022 survey by Sophos has revealed that ransomware continues to be an imminent threat for the manufacturing and production industry. For many, choosing an experienced partner with expertise in cybersecurity not only improves their chances of getting approved for the right amount of cyber insurance coverage, but can also ensure that companies see an higher return on investment and improved ability to both prevent and mitigate attacks in the future.
Lowering Cybersecurity Insurance Premiums with Managed Security Services
Lowering Cybersecurity Insurance Premiums with Managed Security Services
Midmarket organizations face the threat of cyberattacks that put every organization at great risk. As a result, a greater number of IT professionals are turning to managed security services to lower cybersecurity insurance premiums.
Fill out the form below to receive a link to the article.
Aunalytics is a data platform company. We deliver insights as a service to answer your most important IT and business questions.
Featured Content
Nothing found.
Lowering Cybersecurity Insurance Premiums with Managed Security Services - PDF
Lowering Cybersecurity Insurance Premiums with Managed Security Services
Midmarket organizations face the threat of cyberattacks that put every organization at great risk. As a result, a greater number of IT professionals are turning to managed security services to lower cybersecurity insurance premiums.
Data Scientists Need Usable Data
Data Scientists Need Usable Data
It is a well-known industry problem that data scientists typically spend at least 80% of their time finding and prepping data instead of analyzing it. Learn how a data platform can help mitigate this issue.
The Key to Data-Driven Success for Mid-market Companies Starts Here
The Key to Data-Driven Success for Mid-Market Companies Starts Here
What’s the #1 pain point for IT professionals? According to the business knowledge resource Insights for Professionals, it’s data center management. With this reality in mind, the foundation of digital transformation success for a data-driven business must begin at the data center level, where servers store your data, CPUs power your computations, and your systems are ideally kept stable, operational, and secure for all users, including those accessing company systems and data from multiple remote locations. Competitive mid-market companies rely on data center engineers who specialize in uptime by proactively preventing downtime, as well as connectivity, storage, security, and monitoring.
Effectively managing data to support accessibility and security requires consistent monitoring and up-to-date solutions. Yet the latest research shows that investing in on-premise infrastructure for data management, compliance, and analytics is too pricey for most mid-market companies — and from the view of many IT directors, on-premise solutions have already morphed into old relics. In 2022, Insights for Professionals reported that nearly two-thirds (63 percent) of senior IT leaders and company executives aren’t planning to attempt to maintain servers on-premise. Instead, the majority of leaders surveyed plan to invest in cloud infrastructure as a service.
Moving into the Future
In short, entire businesses are migrating to the cloud, not just the technology. The infinite growth of data, applications, connections, and workloads will only further exacerbate businesses’ ability to adapt to new lines of business applications and platforms, meet security and governance requirements, and seamlessly orchestrate and analyze data for business outcomes. As a result, a growing number of mid-market companies are recognizing the value of working with partners to transition storage, computing, backup, and hosting services to cloud-based platforms to leverage the scale and compute power they can provide.
Gartner reports that by 2025, the vast majority — 85 percent — of enterprises will have already shifted over to a cloud-first approach. How did this changing of the guard occur so quickly? According to Gartner, it can be traced in part to the COVID-19 pandemic, which has accelerated cloud adoption since 2020, ushering it in as the “de facto new normal.” Gartner analysts including Gregor Petri even go so far as to state that “enterprise architecture and technology leaders should reject any new product that does not follow ‘cloud first’ as a guiding principle.”
Mid-Market Essentials
There are solid reasons behind mid-market businesses moving their data out of on-premise environments, particularly due to the efficiencies obtained from cloud-based business applications in multi-cloud and hybrid environments. This brings us back to data center vendors, who must then be ready to absorb the responsibility and cost of infrastructure capital expenses and maintenance — and it looks like many are already prepared to do so. In 2022 alone, nearly one-third (32 percent) of those surveyed by Insights for Professionals were planning to invest heavily in cloud management, to the tune of $500,000, while nearly 30 percent plan to spend even more. The largest part of this cloud management investment is being channeled toward security, with enterprises intending to spend 82 percent of this budget on data protection.
This is not a passing trend and is expected to have long-term consequences for purchase decisions in mid-market companies. By 2023, as scalability and cohesive cloud ecosystems join the ranks among the top three buying considerations for IT, Gartner anticipates that cloud architects will become key stakeholders when choosing tools for analytics and business intelligence. Here’s another surprising statistic to show the direction we’re heading in: while hyper-scale cloud providers (hyper-scalers) delivered and managed less than 1 percent of installed edge computing platforms in 2020, Gartner predicts this number to balloon to 20 percent by the end of 2023.
Different Needs for Mid-Market Players
There’s a catch, though, about hyper-scalers: most are not built for the mid-market. Therefore, mid-market companies won’t be able to reap the maximum benefit from the ability of traditional hyper-scale cloud providers to bring global business solutions, outsourcing, and consulting capabilities that can help other types of organizations migrate to, adopt, and build cloud-native offerings. It’s true that traditional hyper-scalers excel in leveraging the expertise of their cloud professionals to consult for platform re-architecture, application development, data migration, and transitioning services from technology stacks into macro- and microservices hosted in a data center on-premise, private cloud, public cloud (or any multi-cloud or hybrid combination thereof) — but not generally for mid-market companies.
Let’s drill down into some specific problems for mid-market players around hyper-scale cloud providers:
- It can be cost-prohibitive to obtain the level of help that most mid-market companies require, since most hyper-scalers are priced for large enterprises. Mid-market companies tend to need “white glove” services, which carry the highest price tag.
- Greater needs. Enterprises are more likely to already have in-house teams with the necessary skillsets to work with traditional hyper-scalers, compared to mid-market businesses that often have higher needs for expert help.
- No data analytics. While many enterprise hyper-scalers help migrate data to third-party cloud vendor platforms, their services end there, as they don’t offer data analytics.
Mid-market companies need technical experts to help build solutions on a mid-market budget — specifically, they require a hyper-scaler capable of providing an end-to-end solution focused on the mid-market sector. The goal in evaluating potential solutions providers should be for the cloud foundation to operate seamlessly with end-to-end data management and analytics solutions. With an end-to-end solution, mid-market businesses have the opportunity to obtain the results they desire without wasting time on a “Frankenstein” approach, assembling parts and pieces of multiple technologies and tools in an attempt to construct a reliable system that actually works. It’s only by going the end-to-end route that mid-market companies can receive the greater level of assistance they need on the technology front, as well as benefit from the robust data and analytics skillsets necessary to achieve meaningful business outcomes, without paying enterprise prices.
What Mid-Market Companies Need for Data-Driven Success and How to Get It
What Mid-Market Companies Need for Data-Driven Success and How to Get It
Using your data as an asset to drive competitive business growth and achieve cost cutting operational efficiencies is imperative for a company to compete, survive, and thrive. Increasingly, data and analytics have become a primary driver of business strategy and the potential of data-driven business strategies is greater today than ever.
