Threat Intelligence
Q1 2024 Cyber Threat Landscape Report: Insider Threat & Phishing Evolve Under AI Auspices
May 22, 2024
by Laurie Iacono, Keith Wojcieszek, George Glass
Wed, Jul 31, 2024
The State of Cyber Defense: Manufacturing Cyber Resilience
Manufacturing Cyber Resilience provides a holistic cybersecurity overview of the manufacturing sector, including insights from threat intelligence, data breach statistics, offensive security considerations and insight into the maturity of manufacturing organizations’ cybersecurity programs.
Download the ReportThe State of Cyber Defense: Manufacturing Cyber Resilience highlights the unique challenges the manufacturing industry faces and the key ways the industry can become more cyber resilient.
Kroll’s new report maps out the cybersecurity threat landscape the manufacturing sector currently operates in, looking at three key areas:
Detection and Response | Cyber Threat Intelligence | Offensive Security (OffSec) |
|---|---|---|
The cyber maturity of manufacturing organizations’ detection and response capabilities using data analyzed from 1,000 global cybersecurity programs. | Kroll’s frontline threat intelligence from over 3,000 incidents a year details the threats the manufacturing sector faces and how threat actors infiltrate their networks. | Kroll experts detail the key considerations for the manufacturing sector based on pen testing their networks, including how hackers find vulnerabilities and what the industry can do to protect itself. |
Key Highlights Include
- How to overcome challenges stemming from discrepancies between perceived and actual maturity
- Further insights into the cyber maturity of manufacturing organizations
- What the manufacturing sector needs to prioritize in its cybersecurity strategy
- The number of data breaches experienced by the industry in the past year
- Key considerations learned from Kroll’s cyber penetration experts
- How the breadth of the industry and reliance on the supply chain create weakness for the sector
- How organizations can begin to progress their detection and response maturity
The Manufacturing Sector Is Slightly More Realistic than Average
Perceived Cybersecurity Maturity, Manufacturing vs. Average
The Manufacturing Sector Is Slightly More Realistic than Average
In the State of Cyber Defense: Detection and Response Maturity Model, Kroll discovered there is a worrying disconnect between how mature organizations believe they are and how mature they are in reality.
In the case of the manufacturing sector, the gap still exists, but it is relatively smaller than in other sectors, with 28% of manufacturing respondents rating their overall cybersecurity program as “very mature.”
Despite manufacturing seeming to be more self-aware than other industries, manufacturing’s self-reported cyber maturity is still significantly higher than Kroll’s rankings based on organizations’ real-world threat detection and response capabilities.
Manufacturing Organizations Might Be More Mature than Most
Threat Detection and Response Capabilities Used by the Manufacturing Industry
Manufacturing Organizations Might Be More Mature than Most
The manufacturing industry is more likely than the average organization to have more mature threat detection and response capabilities.
Indeed, 8% of manufacturing industries surveyed employ the most mature capabilities compared to only 5% on average.
While this is encouraging, it is also worth noting that 25% of manufacturing respondents only employ the most basic security capabilities, such as cybersecurity monitoring.
The Biggest Concerns for the Manufacturing Industry
Threat Types of Most Concern to the Manufacturing Indsutry
The Biggest Concerns for the Manufacturing Industry
Manufacturing organizations appear to be most concerned about ransomware, followed by data leakage and phishing attacks, all more so than average.
Given the scale of the ransomware threat over the last five years, it is no surprise to see it is the threat that most concerns manufacturing respondents. Manufacturing is known to be one of the biggest targets for ransomware operators.
The Threats the Manufacturing Industry Faces
The manufacturing industry appears to be most concerned with ransomware; however, it is not in fact the most common threat type for the industry. Kroll’s Cyber Threat Intelligence team found that email compromise is the most common threat type, accounting for nearly half of Kroll incidents in the manufacturing industry.
Incidents by Threat Type in Manufacturing, May 2023 – May 2024
Initial Access Methods in Manufacturing, May 2023 – May 2024
Small Teams, Small Ecosystems
Number of Security Personnel
Small Teams, Small Ecosystems
Manufacturing organizations are more inclined to outsource their cybersecurity, which enables them to manage a smaller ecosystem of security platforms with a smaller team of trusted IT security professionals.
Across all industries, the average security team size is 25. In manufacturing, it is just 19.
There is a logical correlation between the size of a security team and the number of security tools it uses. A larger team can deploy and manage more platforms. In manufacturing, the most common response to the number of security platforms in use was four to five. Across all industries, the most common response was 10–12.
Number of Cybersecurity Platforms Used for Monitoring Alerts
However, just because a company uses more tools does not make them more secure. In fact, they could become less secure because it is more difficult to manage multiple platforms, and alerts fall through the cracks.
Much, Much More In the Report
Download the Report
Much, Much More In the Report
The full report also covers:
-
How to overcome challenges stemming from discrepancies between perceived and actual maturity
-
Further insights into the cyber maturity of manufacturing organizations
-
What the manufacturing sector needs to prioritize in its cybersecurity strategy
-
The number of data breaches experienced by the industry in the past year
-
Key considerations learned from Kroll’s cyber penetration experts
-
How the breadth of the industry and reliance on the supply chain create weakness for the sector
-
How organizations can begin to progress their detection and response maturity
For access to the full results, complete the form to download the report.
Cyber Risk
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Kroll Responder MDR
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Cyber Threat Intelligence
Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Penetration Testing Services
Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
Red Team Security Services
Red team security services from Kroll go beyond traditional penetration testing, leveraging our frontline threat intelligence and the adversarial mindset used by threat actors to push the limits of your information security controls.
Ransomware Preparedness Assessment
Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Q1 2024 Cyber Threat Landscape Report: Insider Threat & Phishing Evolve Under AI Auspices
Managed Detection and Response
The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare
April 17, 2024
Managed Detection and Response
The State of Cyber Defense 2023: Detection and Response Maturity Model
September 26, 2023
Managed Detection and Response
2023 State of Cyber Defense: The False-Positive of Trust
June 14, 2023
Managed Detection and Response
Microsoft Threat Detection and Response: Five Key Pitfalls (and How to Address Them)
April 24, 2023
by Rafael De Lima, Michael Cowley
Managed Detection and Response
Managed Detection and Response (MDR) Buyer’s Guide
October 31, 2022
by Marc Brawner, Mark Nicholls
Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.