#USA #Manufacturing #Boston #Ransomware #Black Kite

Analyzing the 2025 Manufacturing Report by Black Kite

In a recent report released by Black Kite, a leader in cyber risk intelligence, it has been revealed that manufacturers continue to be the primary target for ransomware attacks for the fourth straight year. The 2025 Manufacturing Report: Why Your Supply Chain is Your Biggest Cyber Risk outlines critical vulnerabilities within the manufacturing sector, highlighting the impact of rapid digital transformation and interlinked supply chains. The data collected indicates a troubling 9% increase in ransomware incidents compared to the previous year, a statistic that industry leaders cannot ignore.

Understanding the Threat Landscape

The core of the issue lies in the manufacturing industry's intricate network of supply chains. As noted by Fehart Dikbiyik, Black Kite's Chief Research Intelligence Officer, the industry's most significant weaknesses stem not from its own infrastructure but from the vast, interconnected supply chains that support these enterprises. As manufacturers accelerate their digital transformation efforts in the wake of COVID-19, many are finding themselves with expanded attack surfaces and growing numbers of vulnerabilities that are slow to be addressed, consequently increasing their risks to ransomware attackers.

The Scope of Attacks

The report details distressing statistics regarding ransomware attacks across various sectors of manufacturing. For instance, a staggering 38.9% of ransomware victims among companies earning over $1 billion belong to the manufacturing sector. Even smaller companies within the industry are not spared, with 30% of those earning between $100 million and $300 million also falling victim to these attacks. Moreover, manufacturers with annual revenues of less than $20 million comprise 17% of targeted industries. This widespread targeting from both established ransomware groups and emerging less-organized factions underscores the urgency for improved cybersecurity measures within the sector.

Dissecting Supply Chain Vulnerabilities

The increasing ransomware trend has been closely linked to vulnerabilities throughout the supply chain. New and smaller groups of cybercriminals are now preying on less secure suppliers, exploiting their weaknesses as pathways into larger manufacturing systems. This tactic not only highlights the need for robust third-party risk management but also exposes a critical flaw in the traditional security models that many manufacturers rely on.

Key Findings of the Report

1. Manufacturing's High-Value Target Status: Cybercriminals are strategically focusing on the manufacturing industry due to its operational needs and the critical nature of supply chains globally.
2. Distribution of Threats Across Sub-industries: The data indicates that ransomware attacks are widespread across different types of manufacturing sectors. This signifies that attackers prioritize industries that are pivotal in sustaining broader economic workflows over the specific field of manufacturing.
3. Pervasive Vulnerabilities: Alarmingly, 75% of manufacturing companies experience critical security vulnerabilities rated 8 or higher on the Common Vulnerability Scoring System (CVSS). Furthermore, 65% have vulnerabilities cited in the CISA Known Exploited Vulnerabilities Catalog, signifying that these gaps are likely already being exploited by malicious actors.
4. Escalating Third-Party Risks: The report sheds light on a 9% year-over-year increase in ransomware incidents, largely attributed to supply chain breaches, showcasing that attackers are increasingly focused on smaller enterprises.

Recommendations for Mitigating Risks

Given the alarming trends discovered, Black Kite offers several strategies that manufacturers can implement to fortify their cybersecurity posture:

• - Implement Robust Third-Party Cyber Risk Management: It is crucial for manufacturers to evolve beyond basic vendor questionnaires. A comprehensive third-party cyber risk management (TPRM) program can identify and monitor risks effectively across their ecosystem.
• - Prioritize Foundational Cyber Hygiene: An immediate focus on patch management to address critical vulnerabilities is necessary. This attention must extend beyond internal networks to encompass the entire supply chain to prevent potential disruptions.
• - Utilize the Ransomware Susceptibility Index (RSI™): Companies can leverage this tool to assess and mitigate risks from third-party suppliers who may be more vulnerable to attacks, ensuring operational continuity.
• - Adapt to Evolving Threats: In the dynamic ransomware landscape, security teams need to adopt intelligence-led strategies, employing tools that provide early warning signals to maintain a proactive defense.

With these insights, Black Kite advocates for a systematic reassessment of existing cybersecurity strategies within the manufacturing industry. Continuous management and monitoring of third-party relationships and expansive supply chains are vital to improving resilience against future ransomware threats.

For further details, you can access the complete report at Black Kite.