Supply chain attacks are increasing, according to a recent report, with manufacturers often in the firing line.

With many supply chains now digital or hybrid – and often complex or diffuse in extended enterprises of partners and suppliers – this makes securing them essential.

The 2022 Cloud Security Report from cybersecurity vendor Netwrix reveals that 51 percent of manufacturers have experienced attacks on their cloud infrastructure within the last 12 months. 

The most common type of attack is phishing, reported by nearly three-quarters (73 percent) of respondents. 

Other findings should be a concern to the sector:

“Compared to other industries, manufacturing turned out to be more prone to account compromise and supply-chain attacks over the last year. 

“Thirty-eight percent of respondents in this sector had to deal with account compromise at least once, while the average for all other industries was 31 percent. 

“Similarly, 19 percent of manufacturing organisations experienced supply chain compromise, but only 15 percent of respondents from other verticals reported this type of attack.”

According to the vendor, the most common reason for cloud adoption in manufacturing is supporting remote workers, cited by 57 percent of respondents – though these findings are likely to have been influenced by Covid lockdowns.

“Business pressure to grant remote access quickly to many workers leads to a wider attack surface and might be the root cause for the increased number of account compromise attacks,” said Dirk Schrader, VP of security research at Netwrix. 

“To mitigate this risk, manufacturing organisations should pay closer attention to identity management, especially for privileged accounts. 

“A zero standing privilege approach is particularly effective in this situation, since it creates accounts only on request and deletes them once the specified task is completed.” 

The survey also shows that cloud adoption in manufacturing is progressing slower than in other markets. 

“While on average 41 percent of workloads are already in the cloud, manufacturing organisations have moved only 35 percent of their operations there,” says the report.

“Lack of budget is the main factor slowing cloud adoption; 45 percent of respondents in this industry highlighted this reason, compared to 35 percent overall.”

Manufacturers are also more concerned than other sectors about the cyber risks associated with their own employees, suggests the report. Forty-eight percent of respondents consider their staff to be one of the biggest risks to data security in the cloud, 11 percent higher than the average. 

“This affects cybersecurity decisions. In the manufacturing sector, 75 percent have implemented multifactor authentication and 70 percent audit user activity, compared to 69 percent and 58 percent, respectively, in other industries,” says the report.

Another recent report, from vendor WithSecure, looks specifically at supply chain security. It says:

“Attacks on application software peaked in 2017, while hits on utility software hit apex in the following year. However, attacks on popular code repositories have been soaring since 2020 and are increasing every year. 

“We should regard all of these incidents as explicit assaults on trusted relationships and collaboration.”

Source: Press release