Paying ransom doubles the cost of data recovery

In more than two-thirds (68%) of ransomware attacks against the manufacturing sector, the adversaries successfully encrypted data, the highest rate over the past three years, amid a broader cross-sector trend of attackers more frequently succeeding in encrypting data.

A new report from Sophos, however, found that the percentage of manufacturing organisations that used backups to recover data has increased compared to other sectors. 

The State of Ransomware 2023 survey polled 3,000 IT/cybersecurity leaders across 363 organisations in manufacturing and production in 14 countries in the Americas; Europe, Middle East and Africa; and the Asia-Pacific region.

Among manufacturing firms surveyed, 73% used backups this year versus 58% in the previous year. Despite this increase, the sector still has one of the lowest data recovery rates.

“Using backups as a primary recovery mechanism is encouraging, since the use of backups promotes a faster recovery,” said John Shier, field CTO, Sophos. “While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery.”

Shier said that with 77% of manufacturing organisations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.

In addition, despite the growing use of backups, manufacturing and production reported longer recovery times this year. 

In 2022, 67% of manufacturing organisations recovered within a week, while 33% recovered in more than a week. This past year, only 55% of manufacturers surveyed recovered within a week.

“Longer recovery times in manufacturing are a concerning development,” said Shier. “As we’ve seen in Sophos’ Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organizations needing assistance recovering from attacks.”

He said this extended recovery is negatively impacting IT teams, where 69% report that addressing security incidents is consuming too much time and 66% are unable to work on other projects.

Sophos experts recommend the following best practices for organisations in manufacturing and across all other sectors.

First, strengthen defensive shields with security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials.

Also, defend with adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond; and 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider.

Second, optimise attack preparation, including making regular backups, practising recovering data from backups and maintaining an up-to-date incident response plan.

And third, maintain good security hygiene, including timely patching and regularly reviewing security tool configurations.