03 | SUPPLY CHAIN WEAK LINKS
Specific Security Posture Findings: Weak Links in the Manufacturing Supply Chain
Beyond the high-level cyber ratings and KRIs, a deeper dive into specific security controls reveals foundational weaknesses that leave the manufacturing sector vulnerable to attack.
These vulnerabilities are not isolated incidents; they are pervasive issues across the industry that serve as entry points for threat actors.
Top areas of concern include:
- Patch Management
- Application Security
- Email Security
- Stealer Logs
Patch Management: An Urgent Need
Patch management is a fundamental component of a secure infrastructure, yet the research reveals a concerning trend of poor performance across the manufacturing sector. The data shows that the majority of companies across all sub-industries scored poorly in this area, indicating that many assets are outdated, vulnerable servers or products. This widespread neglect of timely patching leaves companies susceptible to data breaches and other cyber threats.
[Figure: Patch Management Grade Distribution (%)]
Application Security: Securing the Digital Frontline
Applications serve as a primary attack vector, often acting as the first point of entry for cybercriminals seeking to disrupt operations or steal sensitive data.
For manufacturing companies, where operational continuity and data integrity are paramount, robust application security is a critical defense strategy. Despite some positive signs, approximately 30% of companies are in the critical zone (D or F score) for application security, highlighting a pressing need for improvements to reduce the attack surface.
[Figure: Application Security Grade Distribution (%)]
Email Security: Guarding the Gateway
As a primary communication channel, email is a frequent target for cyberattacks. While many manufacturing companies show strong email security, vulnerabilities exist within specific sub-industries.
The research found weaknesses in the email configurations of companies in Petroleum and Coal Products, Computer and Electronic Product, and Primary Metal Manufacturing, which are ripe for exploitation by threat actors.
[Figure: Email Security Grade Distribution (%)]
Stealer Logs: Unveiling Credential Exposure
The research found that a high percentage of manufacturing companies have critical stealer log findings, indicating that compromised employee credentials are exposed on the dark web.
For this analysis, only the most severe findings were considered, such as a company's domain detected in both the username/email and URL fields of a password file (CVSS: 9.0), or in the username/email field without the URL (CVSS: 7.7).
Less severe findings were excluded from the summary as they do not indicate a direct or actionable risk. For instance, 73% of companies in the Computer and Electronic Product Manufacturing sub-industry have a "Yes" finding for critical stealer logs, underscoring the severity of this risk.
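The severity rule described above, as an added example that is not part of the original report: Python code that scores parsed stealer-log records against a company domain and keeps only the two critical finding types. The record layout (url, username, password fields), the domain example-mfg.test and all sample records are constructed assumptions.

```python
from urllib.parse import urlsplit

# CVSS scores the report assigns to the two critical finding types.
BOTH_FIELDS = 9.0      # company domain in username/email and in URL
USERNAME_ONLY = 7.7    # company domain in username/email, not in URL

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def url_host(url):
    """Host part of a URL field; tolerates a missing scheme or a malformed URL."""
    try:
        return urlsplit(url if "://" in url else "//" + url).hostname or ""
    except ValueError:
        return ""

def username_host(username):
    """Domain part of an email-style username, or '' for a bare login name."""
    _, sep, host = username.rpartition("@")
    return host if sep else ""

def score(record, domain):
    """CVSS score for a record, or None if it is not one of the critical types."""
    if not in_domain(username_host(record["username"]), domain):
        return None
    if in_domain(url_host(record["url"]), domain):
        return BOTH_FIELDS
    return USERNAME_ONLY

def critical_findings(records, domain):
    """Critical records only, highest score first, with the password dropped."""
    hits = [(score(r, domain), r["username"], r["url"]) for r in records]
    return sorted((h for h in hits if h[0] is not None), reverse=True)

# Constructed sample records (not real data); passwords are placeholders.
SAMPLE = [
    {"url": "https://vpn.example-mfg.test/login", "username": "j.doe@example-mfg.test", "password": "<redacted>"},
    {"url": "shop.vendor.test/account", "username": "a.lee@example-mfg.test", "password": "<redacted>"},
    {"url": "https://portal.example-mfg.test/", "username": "jdoe", "password": "<redacted>"},
    {"url": "https://notexample-mfg.test/", "username": "x@notexample-mfg.test", "password": "<redacted>"},
]

if __name__ == "__main__":
    for cvss, user, url in critical_findings(SAMPLE, "example-mfg.test"):
        print(f"{cvss}  {user}  {url}")
```

The suffix check requires a leading dot, so a lookalike such as notexample-mfg.test is not counted as the company's domain.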
[Figure: Stealer Logs Findings (%)]