The volume of cyberattacks targeting manufacturers has been steadily increasing for quite some time. However, over the past few years, what had long been a gradual climb has become a meteoric rise.
In the Age of AI, Manufacturers Can No Longer Afford to Give Cybersecurity Short Shrift
Eyal Benishti, CEO | IRONSCALES
The volume of cyberattacks targeting manufacturers has been steadily increasing for quite some time. However, over the past few years, what had long been a gradual climb has become a meteoric rise — with the number of cyberattacks levied against manufacturers soaring upward at a dizzying pace.
In fact, the trend has proven so significant that, in 2021, manufacturing surpassed financial services to become the most heavily-attacked major industry in the world. Three years later and the industry has held onto that unwelcome distinction without interruption, as its share of the global cybercrime pie rose to over 25% of all incidents in 2023. Going forward it is highly unlikely that we will see this figure fall by any meaningful amount.
Mounting Cyberrisk Spurs a Long-Overdue Shift in Industry Attitudes
The good news is, this explosion in cyberattacks has proven to be a powerful forcing function for the industry when it comes to cyberrisk. Although still allocating only half as much of their annual budgets to cyberdefense as most other major industries, manufacturers are finally waking up to the very real risk posed by cybercrime. In fact, in a recent industry survey, manufacturing professionals counted cybersecurity among the industry’s top 5 most pressing external risks for the first time ever, ranking it third overall. At the same time, cybersecurity was ranked as the #1 most in-demand skill for employers in the industry.
When you dig a little deeper into the industry’s cybersecurity woes, this news comes as little surprise. This is because cyberattacks are not only becoming more frequent in the manufacturing industry — they’re also becoming more expensive. According to IBM’s latest Cost of a Data Breach (CODB) report, the average total cost of a breach in the industrial sector reached a whopping $5.56 million in 2024 — representing an 18% year-over-year increase compared to 2023. This is despite multiple high-profile attacks — such as Clorox’s $356 million breach, and Applied Materials’ $250 million loss from a compromised supplier — exerting meaningful upward pressure on 2023’s annual average.
The question, however, remains — will manufacturers’ increased concern over cybercrime translate into increased investment in cybersecurity capabilities? If so, it’s imperative that industry decision-makers allocate those dollars wisely. As known laggards in the cybersecurity space — with relatively limited resources at-hand — manufacturers face a real risk of using these newly-increased budgets in suboptimal ways.
Understanding AI’s Impact on Today’s Threat Landscape: Enabling Novel Attacks While Supercharging Age-Old Strategies
That’s why, before investing any funds, industry leaders would be wise to invest some of their time into learning about the current threat landscape, as well as familiarizing themselves with the technological ecosystem growing up around and in response to this changing landscape.
While ransomware remains the leading cyberthreat facing manufacturers today, there are clear indicators that this may not be the case for much longer. Over the past year and a half, the sudden emergence of advanced, commercially-available artificial intelligence (and generative AI in particular) has already begun to totally reshape the modern cybersecurity landscape. Nowadays, decades-old attacks — such as phishing, account takeover, and malware — are being supercharged by highly-sophisticated, freely-available generative AI tools like ChatGPT and Claude; and professionals are taking note. In a recent survey from IRONSCALES, 64% of IT professionals said they expect the volume of deepfake-enabled attacks to increase over the next 12-18 months — more than any other attack type listed, including ransomware, phishing, account takeover (ATO) and business email compromise (BEC).
To help put this advantage in context, a recent study from IBM found that generative AI has reduced the time needed to craft an effective phishing email by up to 99.5%. At the same time, hackers more than doubled their AI-powered ransomware attacks between August 2022 and July 2023, making phishing emails dramatically more effective — thanks to improved targeting, and the effective erasure of the grammatical errors and linguistic oddities that were once hallmarks of phishing messages. Ultimately, according to Accenture, AI-enhanced attacks have led to a 1,265% increase in phishing attacks over just the past eighteen months. At the same time, the total volume of ransomware attacks have risen by roughly 76% since the launch of ChatGPT.
These latter findings illustrate a fact that is vitally important for manufacturers to keep in mind — namely, that the rise in AI-enabled attacks and the continued prominence of ransomware and malware in the industrial sector are by no means mutually exclusive. In fact, we’ve already witnessed real-world instances of generative AI being used to create self-evolving malware that can adapt to specific targets and more readily evade detection. Taken alongside generative AI’s supercharging effect on phishing and other social engineering-based attacks, this revelation makes it all but impossible to underestimate the gravity of AI’s impact on the world of cybersecurity.
The Other Side of AI: Defensive Technologies Give Hope to an Increasingly Vulnerable Industry
Just as AI represents a paradigmatic shift to the modern threat landscape, it also holds game-changing potential as a defensive tool. In IBM’s 2024 CODB report, researchers revealed that only 32% of industrial organizations currently make extensive use of AI-enabled security and automation tools. At the same time, the researchers found that those that do make extensive use of these technologies enjoy an average cost savings of over $1.9 million per year. Thankfully, there are some indications that more organizations will be coming aboard soon. In a recent IRONSCALES survey, nearly three quarters (73%) of IT professionals said their organizations will likely invest in deepfake-specific defenses within the next 12 months.
At the heart of these benefits is AI’s ability to automate and accelerate elements of the threat detection and response process. Not only do these technologies boast a higher success rate in detection and remediation of cyberattacks, but they also help to dramatically reduce the impact of breaches if and when they do occur. By enacting swifter, more conclusive responses to attacks, AI-empowered organizations are able to minimize business risk, while also reducing the damages associated with service interruptions.
However, even the most sophisticated of AI-enabled defensive technologies are not foolproof. Even for those that can boast a 99.9% detection rate, given the rapidly growing volume of attacks, it’s all but inevitable that the occasional attack will slip through. And in those instances, organizations must remember that their employees are their last line of defense against compromise.
A Path Forward: How the Right Combination of Tech and Training Gives Manufacturers a Fighting Chance in the Age of AI
In a 2021 peer-reviewed academic study, researchers found that individuals were able to distinguish deepfakes from real media just over 57% of the time. A success rate barely better than that of a coin flip is worrying in and of itself. But keep in mind that deepfake technologies have improved considerably over the three years since that study was conducted.
While the malicious use of deepfakes for the purposes of fraud has yet to become truly widespread, the potential these technologies hold is far too great to ignore — for both organizations and threat actors alike.
To help put this potential in context, consider the case of the Hong Kong-based company that lost hundreds of millions in a deepfake-enabled attack earlier this year. In the attack, hackers used real-time deepfake video to populate a Zoom call with life-like replicas of members of the company’s senior leadership team (including its CFO). In the video call, the phony executives convinced a junior finance employee to make a wire transfer of $250 million to an off-shore bank account under their control.
In the wake of the attack, the victim was adamant that the deepfaked executives were virtually indistinguishable from reality, faithfully recreating everyone’s image, likeness, and voice with incredible detail and accuracy.
Whether this is a faithful representation of the facts or a desperate attempt at saving face doesn’t really matter. Either way, AI-enabled attacks of every stripe — from ChatGPT-generated phishing emails, to cutting-edge, multi-modal deepfake impersonations — have already shifted the balance of power in favor of the threat actors of the world. And, these technologies are only growing more sophisticated by the day.
Unfortunately, the manufacturing industry has lagged behind in the battle against cybercrime for many years. As a result, closing the current gap between cyberrisk and defensive capabilities will be no easy feat for most manufacturers. With that being said, there is hope for the industry. By remaining proactive and prioritizing training, education, and awareness, even the most resource-strapped of organizations will have a fighting chance of successfully navigating today’s increasingly tumultuous threat landscape.
Eyal Benishti is the CEO and Founder of IRONSCALES, pioneering the world’s first self-learning email security solution to combat advanced phishing, BEC, and account takeover attacks.
With over 15 years in the software industry, Eyal has held roles as a security researcher and malware analyst at Radware and a technical lead for information security solutions at Imperva. He also held R&D positions at Comverse and Amdocs.
Eyal earned his bachelor’s degree in computer science and mathematics from Bar-llan University in Israel and has been passionate about cybersecurity from a young age.
The content & opinions in this article are the author’s and do not necessarily represent the views of ManufacturingTomorrow
Comments (0)
This post does not have any comments. Be the first to leave a comment below.
Featured Product
