Manufacturing Has a Backup Problem—but It Is Solvable

We all know why backups are important: If you have physical site damage, for example, backups are what enable you to restore your environment. While there are many different types of disasters you need to plan for, one of the fastest growing threats is ransomware.

The ransomware trends in manufacturing are troubling

Sophos, a cybersecurity and threat intelligence company, recently released the 2024 results of its annual study of the real-world ransomware experiences of manufacturing and production organizations, and the statistics are dire. According to their findings, ransomware attacks in manufacturing have increased 41% since 2020, and two-thirds of respondents (65%) have experienced some form of an attack.

Often what happens during a ransomware attack is that perpetrators exploit a vulnerability somewhere in the environment to gain access and encrypt systems, preventing you from accessing them. They then demand a ransom in exchange for releasing those systems back to you. What’s vulnerable in a manufacturing environment? Of course, the programmable logic controllers (PLCs) themselves are a target, but so is all the data—including a backup—software, applications, servers, and even the OS. In short, anything that’s running anywhere in your operational technology (OT) network is vulnerable. So, you need to be able to move that entire backup footprint (data, software, licensing, servers, etc.) off-premises to be able to quickly recover during and after an attack or other incident. 

But moving it all off site is just one piece of an effective disaster recovery strategy—because just having the backup doesn’t do you much good if you can’t easily and quickly reinstall it all. You also need to minimize your mean time to recovery (MTTR). According to the Sophos report, the number of ransomware victims in manufacturing able to fully recover in a week or less is trending in the wrong direction, from 67% in 2022 to 55% in 2023 and only 44% in 2024. Similarly, the number needing more than a month to recover is shooting up from 10% in 2022 to 18% in 2023 and 22% in 2024. Given the staggering losses these prolonged shutdowns create, this trend is highly concerning.

 

And when it comes to ransomware, there’s an added risk in the backup and recovery picture that many manufacturers may not be considering.

Your backups aren’t as safe as you think

The Sophos report also found that in 93% of the manufacturing organizations hit by attackers in the last year, it was the backups that were the target. I want to pause on that number, because 93% may as well be 100% for all practical purposes.

Unfortunately, there’s still more bad news: In more than half of the ransomware incidents (53%), the attackers were able to successfully compromise the backups. And when that happens, the outcomes are significantly worse:

• The amount of ransom demanded was 2X ($2 million vs. $1 million).
• The companies were much more likely to end up paying the ransom to recover the data (79% vs. 49%).
• The median overall recovery costs were double ($750K vs. $350K).

The lesson here is that it’s not enough to do backups. You need backups that are comprehensive, frequent, and secure. So why are so many manufacturing environments still vulnerable? The reality is that setting up secure backups for all of the PLCs on your shop floor can be a long and tedious process.

There are various ways to approach OT backups. Some do it manually, but this lacks traceability. And if the picture below with the fob in the cabinet looks familiar, you’re not alone. What if that fob goes missing? There are good software tools available, but they often require application and data servers plus all the local applications in all the different versions from the different PLC vendors and all those licenses and associated management that comes along with it. And when you look across your sites, you might have different setups or solutions, resulting in inconsistencies. This means your security may vary across your sites.

Instead, you want to remove a lot of the footprint that’s on the ground so you can remove a lot of your exposure. And that’s exactly what our Automated Backup enables you to do.

Easily and quickly automate backup and recovery of your PLCs

SDA Automated Backup is a secure, non-intrusive backup solution. We encrypt everything that’s in transit and at rest, and our gateway uses WireGuard VPN, so your data is fully protected throughout every step of the backup process.

To get started, you just need to install a lightweight PLC connectivity agent, which takes just a couple of minutes and avoids lengthy and expensive hardware and software setup. This means global rollout can happen not in years and months but in mere weeks and days. And the streamlining doesn’t just benefit initial deployment. With no local installation of vendor software (it all sits in the cloud off-premises), no local servers, and no IT overhead, think about how that would simplify your operation.

The solution is vendor-agnostic, allowing you to streamline backups across vendors—you can manage backups from all your different industrial controllers through one interface. And you can manage backups across all your factories from a single pane of glass to ensure consistent execution and minimize weak links in your business continuity. Software Defined Automation supports many of the top PLC vendors in a wide range of versions, and we’re continually extending our support for more vendors and versions.

Targeted deployment for point-in-time backups means you will improve data resilience—that is, your ability to recover from disruptions or failures—including reducing MTTR. But you can also initiate backups manually as needed with a click of a button, so SDA gives you the power to manage your backups your way. Not only does this reduce expensive downtime in the event of a disruption, but it also increases the productivity for automation engineers on a daily operational basis, since they no longer have to take on time-consuming, non-value-add manual backup tasks.

You also get notifications and full audit and traceability. Our job log provides the whole history of every deployment and every backup that goes through our system. And in the event something were to go wrong during a deployment or a backup, we provide fully traceable error logs.

TCO calculations show that SDA Automated Backup is 50+% more cost-effective than existing on-premises solutions.

See SDA Automated Backup in action

Watch our on-demand webinar for a demo of Automated Backup. You’ll see me walk through the following backup activities:

• Getting a view into different versions of a project
• Navigating the backup job history view
• Configuring automated backups
• Initiating manual backups

And when you’re ready to get started, you can sign up for a free 14-day trial.