Critical manufacturing organizations should prioritize patching as the number of high-severity vulnerabilities continues to rise within the sector.
Nearly half (48%) of critical manufacturing organizations are vulnerable to a breach, according to the SecurityScorecard report, “Addressing a lack of trust in critical infrastructure,” published January 18, 2023.
This report analyzes the state of cyber resilience in critical infrastructure sectors such as energy, chemicals and healthcare, as designated by the Cybersecurity and Infrastructure Security Agency (CISA).
As part of the report, 48% of the organizations analyzed received a ‘C’, ‘D’, or ‘F’ rating on SecurityScorecard’s security rating platform.
According to SecurityScorecard, organizations with an ‘A’ security rating are 7.7 times less likely to be compromised than those with an ‘F’ rating.
SecurityScorecard co-founder and CEO Aleksandr Yampolskiy told Infosecurity: “Patching should be a priority area for them and they should definitely build repeatable capabilities to do asset classification, find outdated versions, and fix them quickly.”
The company also says that in 2022 alone, 76% of critical manufacturing organizations had high- and medium-severity CVEs.
The rating agency also found an increase in malware infections in the sector from 2021 to 2022. By 2022, 37% of critical manufacturing organizations were infected with malware.
SecurityScorecard considers 10 factors when creating a security rating for an organization. Of these 10, the critical manufacturing sector's patching frequency factor dropped significantly from 2021 to 2022, moving from 88 (B) to 76 (C).
“Investing in more technology may seem like a burden for resource-constrained critical infrastructure operators, but the reality is that cybersecurity assessment technologies are very cost-effective, especially for , all the more so when you consider that the average devastating loss to US organizations is $9.44 million,” Yampolskiy said.
SecurityScorecard recently joined the World Economic Forum (WEF) Global Innovator Community. The report was released during the WEF’s Davos event.
According to the World Economic Forum, only 19% of cyber leaders are confident their organizations are cyber resilient.
In April 2022, SecurityScorecard was added to the catalog of free cybersecurity services and tools established by CISA to strengthen the cyber resilience of vulnerable and underresourced critical infrastructure sectors.