+44 118 905 5000
Contact Us

Manufacturing
NAICS 31-33

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Submit View only

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

  • Frequency

    		  

    2,337 incidents, 338 with confirmed data disclosure

    Top patterns

    		  

    System Intrusion, Basic Web Application Attacks, and Social Engineering represent 88% of breaches

    Threat actors

    		  

    External (88%), Internal (12%), Partner (1%) (breaches)

    Actor motives

    		  

    Financial (88%), Espionage (11%), Grudge (1%), Secondary (1%) (breaches)

    Data compromised

    		  

    Personal (58%), Credentials (40%), Other (36%), Internal (14%) (breaches)

    Top IG1 protective controls

    		  

    Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4)

    What is the same?

    		  

    System intrusion and Basic Web Application Attacks continue to be among the main patterns this industry faces.

    Summary

    		  

    Manufacturing continues to be a lucrative target for espionage, but is also increasingly being targeted by other criminals via the use of Denial of Service attacks, credential attacks and Ransomware.

  • Patterns

    		  

    5-Year difference

    		  

    3-Year difference

    Basic Web Application Attacks

    		  

    Greater

    		  

    Greater

    Social Engineering

    		  

    Less

    		  

    Less

    System Intrusion

    		  

    Greater

    		  

    Greater

  • Pattern

    		  

    Difference with peers

    		  

     

    System Intrusion

    		  

    Greater

    		  

     

    Basic Web Application Attacks

    		  

    Greater

    		  

     

    Social Engineering

    		  

    Less

    		  

     

  • Manufacturing, with its hum of machinery churning out the key components that make our modern life possible, continues to be a valued target for espionage (mostly due to recent indiscriminate supply chain attacks covered in a previous section). However, it has also become a lucrative target for financially motivated criminals looking to make a quick dollar. 

  • In previous reports, Manufacturing was largely targeted for their juicy schematics and secrets. For example, in 2016 over 55% of the incidents in this vertical involved Espionage (Figure 93), but that has been lower over the last few years. Or, conversely, the spies have upped their game to the point that they are no longer exposed. 

     

    DoSing against the machine

    For an industry where availability equals productivity, it’s interesting to see the yo-yo pattern that has been taking place with DoS attacks over the years. While DoS attacks initially reached its former peak in the 2018 report (over 40% of incidents), it’s been increasing since 2019 and now accounts for approximately 70% of incidents, which puts it more in line with what we see in other industries. This rise of DoS, while unlikely to prevent those key assets from actually running the manufacturing process, is still worth keeping in mind as integration increases between the OT side of the house and the IT side.  

    With regard to the breaches impacting this sector, one can find the usual suspects, such as stolen credentials (39%), Ransomware (24%) and Phishing (11%) demonstrated in Figure dcc3e261. These types of breaches appear to be impacting everyone regardless of industry. Implementing safeguards, such as the ones listed in the At a Glance table, should be a priority for this vertical. Otherwise, you might find your organization unexpectedly seizing up due to a certain someone with an anime girl avatar. 

Let's get started.