The 2021 Manufacturing Data Risk Report Reveals Nearly 1 Out of Every 5 Files is Open to All Employees

Image Credit:
Media Release by Varonis

The 2021 Manufacturing Data Risk Report Reveals Nearly 1 Out of Every 5 Files is Open to All Employees

Threats against the manufacturing sector continue — from big game ransomware groups that steal victim’s data before encrypting it, to nation-state attackers seeking technology secrets, to company insiders looking for information to grab and sell to the highest bidder. Recent news headlines show how crippling ransomware attacks can halt assembly lines and disrupt supply chains.

Manufacturing was the fifth most targeted industry in 2020, with the average data breach costing $4.99 million. The average breach in the manufacturing sector takes 220 days to contain — one of the longest threat lifecycles out of any industry.

Overexposed information — especially sensitive data – exponentially increases risk. This exposure is your “blast radius” — think of it as all the damage an attacker can do once inside your environment. If just one employee clicks on a phishing email, an attacker can potentially access every file an employee can touch.

To understand the extent to which the manufacturing sector is protecting its sensitive information from these evolving threats, Varonis developed the 2021 Manufacturing Data Risk Report.

It examines the state of data security – on-premises, cloud, and hybrid environments – for industrial manufacturers and engineering firms, by analysing a random sample of Data Risk Assessments for 50 companies — and a total of 4 billion files — to determine how data is exposed and at risk.

This report aims to help manufacturing organisations assess the current cybersecurity landscape objectively and provide advice that companies can leverage to decrease their attack surface.

Here are just a few key findings:

  • Every employee can access, on average, 6 million files on their first day on the job.
  • 4 in 10 organisations have 1,000+ sensitive files open to every employee.
  • 44% of companies have more than 1,000 active “ghost user” accounts enabled.
  • More than half of companies have 500+ accounts with passwords that never expire.

Larger Companies are 2X more exposed

On average, every employee has access to over 6 million files — nearly one out of every five files — on their first day on the job. For large companies, that number doubles — at firms with more than 1,500 workers, employees can access over 12 million files. One out of every ten files open to everyone in the company is sensitive. These files may include intellectual property, employee data, manufacturing and supply chain information, product development documentation, marketing plans, and more.

Protecting Manufacturing Data

Global access groups (e.g., Everyone, Domain Users, Authenticated Users) are helpful for internal collaboration — but they also make it much easier for cybercriminals to infiltrate your environment. If a bad actor compromises one end user, they can gain a foothold that enables them to copy, share, delete and change unprotected sensitive information. 44% of manufacturing companies average 1,000+ files open to every employee — and more than one in five have 10,000 files open to every employee. For these companies with overexposed sensitive data, limiting open access by enforcing a least privilege model is a critical part of risk reduction. Manufacturing companies store above-average amounts of stale sensitive data, which increases their attack surface and inflates storage costs unnecessarily. On average, 78% of an organisation’s sensitive files are stale and could be deleted or archived.

Vulnerabilities in Active Directory

Inactive user and service accounts that remain enabled long after employees leave (aka. “ghost users”) provide attackers with plenty of time to brute-force their way into your environment and, once inside, move through your data stores. From there, they can quietly steal data and avoid detection before encrypting it. Inactive, but enabled, privileged admin accounts with passwords that never expire are one of the best gifts you can give cybercriminals. These often overlooked vulnerabilities are difficult to detect and root out without proper visibility into your environment.

56% of companies have over 500 accounts with passwords that never expire and 44% of companies have more than 1,000 active “ghost user” accounts enabled.

“Manufacturers hold sensitive, and incredibly valuable data that put them at risk. And as we saw with WannaCry, DarkSide and so many other attacks, ransomware can stop production lines and halt businesses. All too often, information is overexposed and under protected. To limit the damage attackers can do, you must reduce your blast radius.

Companies need to ask themselves three questions to better prepare for an attack: Do you know where your important data is stored? Do you know that only the right people have access to it? Do you know that they’re using data correctly? If you don’t know the answers to these three questions, you won’t be able to identity the early stages of a cyberattack,” said Matt Lock, Technical Director at Varonis.

The key takeaways

  1. The manufacturing industry’s cybersecurity maturity lags behind other industries such as finance, with nearly half of all companies still underprepared for a disruptive attack.
  2. Manufacturers’ cybersecurity preparedness is more likely to vary when compared to regulated sectors like healthcare and finance. While some companies have mature data security policies and incident response procedures, others have taken few mitigative steps.

Manufacturing companies can position themselves for success by using their deployed solutions to their full potential, removing data security blind spots by adding visibility, and reducing access to data on a least-privilege basis using automation. Reducing your blast radius will help minimise the damage attackers can do when — not if — they land on your network.

Read the full report: 2021 Manufacturing Data Risk Report.


Notify of
Inline Feedbacks
View all comments