To understand the extent to which the manufacturing sector is protecting its sensitive information from these evolving threats, software company Varonis developed the 2021 Manufacturing Data Risk Report.
It examines the state of data security—on-premises, cloud, and hybrid environments—for industrial manufacturers and engineering firms by analysing a random sample of data risk assessments in 50 companies—and a total of 4 billion files—to determine how data is exposed and at risk.
This report aims to help manufacturing organisations assess the current cybersecurity landscape objectively and provide advice that companies can leverage to decrease their attack surface.
Manufacturing was the fifth most targeted industry in 2020, with the average data breach costing $4.99 million. The average breach in the manufacturing sector takes 220 days to contain—one of the longest threat lifecycles out of any industry. Overexposed information—especially sensitive data—exponentially increases risk.
This exposure is your blast radius—the damage an attacker can do once inside your environment.
If just one employee clicks on a phishing email, an attacker can potentially access every file an employee can touch.
The report’s key findings include:
- Every employee can access, on average, six million files on their first day on the job.
- Four in 10 organisations have 1,000+ sensitive files open to every employee.
- 44% of companies have more than 1,000 active “ghost user” accounts enabled.
- More than half of companies have 500+ accounts with passwords that never expire.
Larger companies are twice more exposed
On average, every employee has access to over six million files — nearly one out of every five files — on their first day on the job. For large companies, that number doubles. At firms with more than 1,500 workers, employees can access over 12 million files.
One out of every ten files open to everyone in the company is sensitive. These files may include intellectual property, employee data, manufacturing and supply chain information, product development documentation, and marketing plans.
Protecting manufacturing data
Global access groups (e.g., everyone, domain users, authenticated users) are helpful for internal collaboration, but they also make it much easier for cybercriminals to infiltrate your environment.
The study points if a bad actor compromises one end user, they can gain a foothold that enables them to copy, share, delete, and change unprotected sensitive information.
44% of manufacturing companies average 1,000+ files open to every employee — and more than one in five have 10,000 files open to every employee.
Companies with overexposed sensitive data can limit open access by enforcing a least privilege model to reduce risk.
Manufacturing companies store above-average amounts of stale sensitive data, which may expose flaws and inflates storage costs unnecessarily. On average, 78% of an organisation’s sensitive files are stale and could be deleted or archived.
Vulnerabilities in active directory
Inactive user and service accounts that remain enabled long after employees leave (ghost users) provide attackers with plenty of time to brute-force their way into your environment and, once inside, move through your data stores.
From there, they can quietly steal data and avoid detection before encrypting it. Inactive, but enabled, privileged admin accounts with passwords that never expire are one of the best gifts you can give cybercriminals. These often overlooked vulnerabilities are difficult to detect and root out without proper visibility into your environment.
The study found out that 56% of companies have over 500 accounts with passwords that never expire and 44% of companies have more than 1,000 active “ghost user” accounts enabled.
“Manufacturers hold sensitive, and incredibly valuable data that put them at risk. And as we saw with WannaCry and DarkSide. All too often, information is overexposed and under protected. To limit the damage attackers can do, you must reduce your blast radius,” suggests Varonis technical director Matt Lock.
“Companies need to ask themselves three questions to better prepare for an attack: Do you know where your important data is stored? Do you know that only the right people have access to it? Do you know that they’re using data correctly? If you don’t know the answers to these three questions, you won’t be able to identity the early stages of a cyberattack,” Lock explains.
The report concludes:
1. The manufacturing industry’s cybersecurity maturity lags behind other industries such as finance, with nearly half of all companies still underprepared for a disruptive attack.
2. Manufacturers’ cybersecurity preparedness is more likely to vary when compared to regulated sectors like healthcare and finance. While some companies have mature data security policies and incident response procedures, others have taken few mitigative steps.
3. Manufacturing companies can position themselves for success by deploying solutions to their full potential, removing data security blind spots by adding visibility, and reducing access to data on a least-privilege basis using automation. Reducing your blast radius will help minimise the damage attackers can do when—not if—they land on your network.