Cybersecurity Challenges in the Manufacturing Sector

Guest blog courtesy of CYRISMA.

The manufacturing sector has experienced an increasing number of cyber attacks over the past few years because of the growing interconnectedness between IT and operational technology (OT).

Organizations in the sector have traditionally prioritized operational speed and efficiency over cyber risk management – something that may not have created huge security issues at a time when there was a clear separation between OT and IT. However, with more manufacturing technology (often older and less secure than IT) and processes exposed to the internet, it’s getting harder for manufacturers to secure their operations and data against attacks. Businesses’ increasing dependence on third parties for monitoring and maintenance further exacerbates the problem, with remote access requirements introducing more security gaps into their IT environments.

The manufacturing sector now accounts for 25.7 percent of cyber attacks, with ransomware involved in 71 percent of these incidents. Research also suggests that attacks on the sector are growing at the rate of 125 percent each year.

Cybersecurity challenges for manufacturers:

Growing IT-OT convergence – Traditionally, IT and OT, which comprises the systems that manage, monitor and control industrial operations and manufacturing equipment, have functioned separately with different, unconnected architectures. This has changed over the past several years, with more organizations connecting IT and OT processes and technologies for increased efficiency and smoother operations. While this has numerous benefits, it also significantly expands manufacturing organizations’ attack surface, and exposes OT to cyber threats that businesses didn’t have to worry about ten years ago, and hence did not prepare for. OT components are usually older, not frequently patched, and not built to deal with the kinds of threats that they are now vulnerable to, thanks to greater internet exposure and new entry points for attackers.

Lack of cybersecurity expertise – Manufacturing organizations have always focused more on speed of operations, efficiency and continuous uptime than on cybersecurity. Prior to digital transformation initiatives, industrial processes ran in isolated, protected environments. This has changed now, but manufacturing organizations that have traditionally focused on operational efficiency do not yet have the cybersecurity expertise to handle new threats and build systems that allow secure IT - OT interoperation.

Legacy manufacturing technology – One of the biggest cybersecurity challenges for manufacturing organizations is the legacy technology that they often depend on to run equipment and processes. Older manufacturing technology is not easily replaceable, and often doesn’t connect seamlessly with modern security tools, leaving big gaps in environments where legacy tech is exposed to the internet but not sufficiently protected.

Increasing supply-chain risks – As with other sectors, manufacturing too is growing increasingly dependent on third parties and vendors who may themselves be using the services of companies further down the supply chain. Companies may need to provide remote access to external partners for monitoring, maintenance or other purposes, introducing more security unknowns and complexities in their cyber risk landscape.

Low tolerance for downtime – Manufacturers are often more vulnerable to extortion and ransomware than others because of their low tolerance for downtime. Many organizations stand to lose much more than revenue if operations are disrupted. Attacks on suppliers for critical services and public infrastructure, in particular, can even lead to loss of life in extreme situations. This need for 24/7 uptime is exploited by cybercriminals who deploy attacks for financial gain.

Historically, the biggest motive for attacks against Manufacturing has been espionage and getting access to intellectual property and industry secrets. This has been replaced by financial gain over the past few years, with Verizon’s most recent Data Breach Investigations Report finding that 97 percent of attacks in 2024 were motivated by financial gain. Top attack patterns included System Intrusion and Social Engineering.

Attractive target for ransomware because companies can’t afford downtime

Manufacturers are easy targets for ransomware because they cannot afford operational disruptions and downtime. According to the Sophos State of Ransomware Report, 65 percent of Manufacturing sector organizations were hit by ransomware in 2024, up 9 percent compared to 2023. The biggest root cause for attacks was found to be malicious emails (29%), followed by exploited vulnerability (27%) and compromised credentials (25%). The sector (included under “Industrial” in the Cost of a Data Breach report) also saw the biggest jump in the average cost of a breach, going from $4.73 million in 2023 to $5.56 million in 2024.

What manufacturers can do for cyber risk reduction

To prevent system intrusions and breaches, manufacturers must secure their systems and the data stored on those systems by taking a holistic approach to risk reduction. This would include:

An effective vulnerability management program for quick identification and mitigation of vulnerabilities on all assets;

Visibility into and protection of the data stored on internal systems and cloud apps

The strengthening of system configuration settings based on best practices.

Regular cyber risk assessment and mitigation planning to help IT and security teams prioritize and mitigate their high-impact vulnerabilities first.

In addition to these basic preventive controls, organizations must also deploy strong threat detection and response tools for quick detection and neutralization of threats that make it into internal networks. All businesses must develop and test incident response plans and playbooks to handle potential intrusion attempts and attacks.

To successfully manage supply chain risk, organizations should evaluate the security policies and controls implemented by their supply chain partners and vendors and also carefully control the level of access provided to external entities.

How CYRISMA can help

CYRISMA is a multi-capability SaaS platform that combines essential cyber risk discovery, assessment, mitigation, and management tools; and a complete compliance module in a unified ecosystem. Built to reduce cybersecurity complexity and costs, CYRISMA enables manufacturing organizations to streamline their risk management operations and mitigate risk more efficiently. In addition to identifying and fixing vulnerabilities, strengthening system configuration and discovering and securing sensitive data, businesses can also use CYRISMA to quantify risk in financial terms, allowing them to make better security investments that have real impact.

Book a demo now to take advantage of our LIMITED TIME PRICE-MATCH OFFER!

Until January 31, 2025, we’ll match the lowest price you can find for a platform similar to CYRISMA (T&C Apply)

For offer details, email [email protected] or call us at +1 585 648 5453