
Why manufacturers face a dramatic rise in AI-powered email attacks


COMMENTARY: The manufacturing industry has been a vital linchpin of the U.S. economy for several generations. It’s a leading driver of job growth, a catalyst for innovation, and one of the top contributors to our country’s annual GDP.

However, to maintain a competitive edge, manufacturing businesses have to move quickly, manage increasingly complex supply chains, and rely heavily on digital communications — all of which make them a target for cybercrime.

Over the past year, manufacturers have seen a massive spike in advanced email attacks. Between September 2023 and September 2024, phishing attacks in the manufacturing industry jumped nearly 83%. And, as attackers employ progressively more elusive and sophisticated tactics, it will become even more difficult for security teams to detect and mitigate new threats. Security leaders need to prepare accordingly.

Why cybercriminals zero in on manufacturers

Threat actors frequently evaluate two criteria when identifying potential targets: access to exploitable entry points and the potential for a sizeable payday. The manufacturing industry has both in spades.


First, there’s the broad attack surface. Most manufacturers rely on an intricate web of vendors and suppliers and a labyrinth of legacy digital systems with countless possible entry points. And like businesses in other heavily regulated industries, manufacturers often observe compliance requirements and policies that create security vulnerabilities. For example, organizations may have to use outdated security systems that aren’t equipped to detect new attack types.

Then, there’s the allure of a hefty windfall. Threat actors know manufacturers house large quantities of sensitive data and financial information, which can fetch a pretty penny on the dark web. But, beyond theft, attackers recognize that given the astronomical costs associated with operational disruptions, manufacturing leaders have plenty of incentive to pay sizeable ransoms. After all, the threat of halted production lines and supply chain upheaval serves as a powerful motivator, especially after Clorox lost $356 million in a 2023 attack.

Popular email attacks target manufacturers

Manufacturing security teams have taken a more proactive approach in recent years by focusing on security awareness training and updating email monitoring tools to spot potential indicators of compromise. Good steps in theory, but we have to remember that cybercriminals are highly adaptive, and unfortunately, many have now developed tactics to deceive security-savvy employees and secure email gateways (SEGs).

For example, while we’ve all grown to recognize poor grammar, misspellings, and improper syntax as hallmarks of phishing attempts, modern phishing emails blend in seamlessly with legitimate messages. By weaponizing generative AI tools, threat actors create well-written, error-free emails that fail to trigger legacy security software or raise employee suspicions. What’s worse, cybercriminals often leverage phishing as a first step in larger and much more destructive attacks. Just one successful phishing attempt can unlock access to login credentials and create a path for infiltrating an entire digital ecosystem.

In addition to phishing, manufacturers have also seen a 56% increase in business email compromise (BEC) attacks, where attackers impersonate a target’s coworker, manager, or another trusted individual, and a 24% rise in vendor email compromise (VEC), where threat actors masquerade as trusted third parties.

While advanced attacks like BEC and VEC are often time- and labor-intensive, they can also lead to a massive payoff. By using meticulous research, communication monitoring, and social engineering tactics, cybercriminals have manipulated victims into sharing sensitive information and unknowingly committing financial fraud, such as changing the bank account details for a direct deposit or paying a phony invoice. In August 2024, global chemical company Orion S.A. reported via SEC filing that attackers deceived an employee into making multiple wire transfers, costing the company $60 million.

And although many security awareness programs warn employees of the dangers of social engineering attacks, these messages are nearly impossible to spot. Threat actors prey on an employee’s trust and desire to be helpful, and they also frequently use expertly spoofed email addresses and hijacked accounts. Plus, since manufacturers can employ thousands of people and contract with hundreds of suppliers, distributors, and other vendors, there are seemingly endless endpoints to exploit.
 

By training teams to recognize evolving phishing tactics, implementing foundational security measures like multi-factor authentication (MFA), and layering in advanced AI-powered threat detection, security leaders can stay ahead of enterprising hackers, neutralize threats before they reach user inboxes, and mitigate emerging risks.

How manufacturers can protect their companies

Unfortunately, advanced email attacks will likely grow exponentially in the year ahead – especially as cybercriminals continue adopting AI to outsmart legacy security systems and deploy even more convincing impersonation tactics.

As we prepare for 2025, it’s more important than ever for manufacturers to uplevel their security strategies to defend against advanced email attacks. With no malicious content to trigger legacy security tools and no obvious signs to alert employees, traditional defense methods are no longer enough.

Mike Britton, chief information officer, Abnormal Security

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Mike Britton

Mike Britton, chief information officer at Abnormal Security, leads the company’s information security and privacy programs. Mike builds and maintains Abnormal Security’s customer trust program, performing vendor risk analysis, and protecting the workforce with proactive monitoring of the multi-cloud infrastructure. Mike brings 25 years of information security, privacy, compliance, and IT experience from multiple Fortune 500 global companies.

LinkedIn: https://www.linkedin.com/in/mrbritton/

X: https://twitter.com/AbnormalSec
