The manufacturing industry is a key target for cyber attackers, with more than 1,600 confirmed data breaches on the manufacturing industry in 2024 alone. What’s even more alarming? The vast majority of breaches (90 percent) targeted small manufacturers, which often have fewer technical and financial resources.
With fewer resources dedicated to cybersecurity, small manufacturing businesses are frequently prime targets for attackers looking to use stolen credentials to conduct an attack.
Last year, compromised credentials were one of the most common attack vectors, representing nearly half (47 percent) of initial access vectors (IAVs) in ransomware incidents. Once an attacker has access to credentials, they can infiltrate systems, steal sensitive data, and even use the compromised credentials for further attacks.
For manufacturers that work with multiple vendors across their supply chains, the risk is even greater, as their digital assets could be compromised through a vendor password breach.
To fortify defenses, concerned companies should take a risk-based approach and address fundamental security posture first. Meaning, blocking access to administrative web panels, removing Remote Desktop Protocol (RDP) from the open internet, implementing multi-factor authentication (MFA), and ensuring all device firmware is up to date.
Manufacturers, especially smaller businesses, should implement best practices to enhance their password hygiene and safeguard their organization against attacks via compromised credentials.
Common Harvesting Methods
Internet-exposed logins are a significant driver of ransomware attacks. Case in point, many businesses (over 65 percent) have at least one internet-exposed web login panel when applying for cyber insurance. These access panels can include access points for various business systems, such as email, VPN, human resources, and more.
Threat actors employ various methods to steal login credentials, including phishing, malware such as keyloggers, and insider threats. By using compromised credentials to access these panels, threat actors can disable or bypass security features to gain privileged access to internal systems and networks.
Ransomware events often begin with compromised credentials, so securing the riskiest exposed logins first needs to be prioritized to reduce ransomware exposure.
How Manufacturers Can Protect Against Credential Compromise
Manufacturers - especially small businesses - can’t afford to treat password hygiene as an afterthought. As credential-based attacks continue to rise, they must take strategic steps to harden their defenses.
- Implement multi-factor authentication. MFA can block over 99.9 percent of account compromise attacks, yet only 54 percent of small businesses say they’re using it. With MFA in place, even if attackers steal a password, they won’t get in without another verification step, such as a mobile code, hardware token or biometric check. Properly implemented and enforced MFA almost completely mitigates the risk of stolen credentials, so it should be every small businesses’ first step.
- Educate employees about cyber risks. Without proper education, cybersecurity policies can be more difficult to enforce. Regular security awareness training can help your team recognize and avoid scams. At the same time, try to build a culture of honesty and transparency around reporting cyber concerns. While clicking on a suspicious link is bad, choosing not to report it after realizing it may have been malicious is far worse. Employees should be encouraged to report mistakes they may have made without fear of reprisal, because it’s likely that a crisis can be averted by taking quick action. Cybersecurity is a team sport, and when employees understand their role in the company’s cybersecurity, they can become proactive defenders for the business.
- Limit employee access based on role. Follow the principle of least privilege – granting users only the minimum access necessary for their role. This is especially important for manufacturers who work with multiple vendors and contractors across their supply chain, from suppliers and distributors to shipping and logistics partners. This limits the blast radius across the chain if an account is ever compromised.
- Continuously monitor for cyber threats. Use email security tools and technologies that enable companies to catch phishing attacks and other threats in real-time, or outsource continuous monitoring to experts via managed detection & response (MDR).
- Perform regular audits: Vet third-party providers carefully, and ensure they follow strong security practices when handling data. Manufacturers should consider contracting security or risk management experts (even part-time) to ensure their vendor systems and security processes are compliant and meet the bar for high security standards (this also applies to a company’s own security processes and systems).
- Enforce strong password hygiene: Manufacturers should require employees to use unique, complex passwords for each account. With weak passwords, businesses become more vulnerable to brute force attacks, where attackers gain access by systematically trying different combinations of usernames and passwords until they find the correct one. Business leaders should also prevent employees from using old passwords; this ensures previously compromised credentials are never recycled. By providing a password manager that securely generates and stores credentials, companies can eliminate the need to remember or reuse passwords and ensure that the passwords used have sufficient complexity.
Preventing Harvesters from Reaping What You Sow
Credential harvesting is an ongoing cybersecurity threat, and small manufacturers are especially vulnerable; the consequences of a successful breach resulting from these tactics could be devastating. Implementing and enforcing MFA can significantly reduce cyber risk exposure, even with limited resources.
Cybersecurity is an ongoing commitment; as attack methods evolve, strategies must as well. Implementing and continuously adapting these measures and practices can help protect manufacturers' valuable data, maintain operational continuity, and safeguard their reputation.
