Manufacturing Remains Top Target Despite Fewer Headlines, Coalfire's Charles Henderson Explains Why

Despite a perceived lull in major publicly reported cyberattacks against manufacturers in 2024 compared to the high-profile incidents of 2023, new reports from IBM's X-Force and Verizon underscore that the sector remains the number one target for cybercriminals. While large breaches in telecommunications and healthcare may have dominated headlines, Charles Henderson, Executive Vice President of Cyber Security Services at Coalfire, offers crucial insights into this apparent disconnect.

Henderson, former leader of the X-Force team at IBM, suggests that the quieter news cycle doesn't necessarily equate to fewer incidents. He points out that many companies may be unaware they've been compromised, particularly in cases of sophisticated nation-state actors focused on long-term intelligence gathering. Furthermore, many security incidents may not result in a "material" impact requiring public disclosure. Henderson also notes that improvements in incident response among some organizations can lessen the downstream impact and public visibility of attacks. These factors, combined with the fact that smaller manufacturing companies face less stringent reporting requirements, contribute to the discrepancy between the ongoing threat and the news coverage. The reports highlight the continued prevalence of ransomware, credential abuse, and the increasing use of AI in phishing attacks targeting the manufacturing industry.