Dive Brief:
- Almost half of all critical manufacturing across the globe faces a significant risk of a data breach, according to a report released at the World Economic Forum in Davos, Switzerland by SecurityScorecard last week.
- The report indicates 48% of critical manufacturing providers in the key sectors as designated by the U.S. government, were rated C or below for cyber resilience, making them more vulnerable to malicious activity.
- “The critical infrastructure sector has work to do to achieve cyber resilience,” Aleksandr Yampolskiy, co-founder and CEO of Security Scorecard, said via email. An increasing number of critical manufacturers rely on automation and their risk levels are based on secure connections with an entire ecosystem of connected parts and applications.
Dive Insight:
Those very partnerships add to the level of cyber risk for many critical infrastructure providers — as 54% of confirmed breaches are due to the cybersecurity gaps of other organizations, Yampolskiy said. Many organizations lack the visibility to secure their business ecosystems from potential attack.
The report shows critical manufacturing suffered a decline in patching cadence, which means how quickly an organization can apply security updates in order to address critical vulnerabilities.
“The patching cadence factor analyzes how many out of date assets an organization has and the rate at which they remediate and apply patches in comparison to their peers,” Yampolskiy said.
The patching cadence factor for critical manufacturing fell from a score of 88 to a score of 76 year-over-year.
The report comes at a time when critical infrastructure has been under rising threat of cyberattack around the world. The Russian invasion of Ukraine in early 2022 raised the threat of critical infrastructure attacks against various facilities in NATO countries.
Critical infrastructure has also been the focus of the Cybersecurity and Infrastructure Security Agency, as small- to medium-sized providers have been under threat in local communities where they often lack the financial resources and personnel to prevent sophisticated attacks.
