
For the fourth year running, in 2025, the IBM X-Force Threat Intelligence Index crowned the manufacturing sector as the number one targeted industry for cybercrime, representing 26% of incidents. The problem is so bad that manufacturing has even managed to defy malware's decline, with attackers exploiting the industry's legacy technology to deploy ransomware at a massive scale. But why is the manufacturing sector so vulnerable? What unique cybersecurity risks does it face? And what role do industry standards and compliance play?
Why Manufacturing Is So Vulnerable
The manufacturing sector is particularly vulnerable to cybercrime for three key reasons:
High dependence on legacy systems and unpatched OT
Manufacturing, perhaps more so than any other industry, relies on outdated technology. Many industrial control systems (ICS) and other operational technology (OT) infrastructure are decades old and, consequently, weren't designed with security in mind.
Consider programmable logic controllers (PLCs), distributed control systems (DCS), and supervisory control and data acquisition (SCADA) systems. This kind of infrastructure is crucial for core operations, including controlling machinery, managing production lines, and ensuring safety. Upgrades to these systems can be extremely disruptive and expensive, so many organizations are reluctant to patch them.
However, failing to patch OT systems can have dramatic consequences. In February 2024, Schneider Electric, a French multinational digital automation and energy management corporation, suffered a major cybersecurity incident after the Cactus ransomware gang stole 1.5TB of data. In the lead-up to the attack, the company had a slew of vulnerabilities reported by CISA in various software packages, some of which had CVSS scores as high as 9.8. It goes without saying that these vulnerabilities likely played a role in the incident.
Limited network segmentation between IT and OT environments
Historically, manufacturing organizations kept IT and OT networks separate. But as digital technology creeps into the physical world, these systems have converged. The increasing need for real-time data analysis, remote monitoring, and integrated supply chains has blurred the lines between IT and OT, meaning that, without robust network segmentation, a security breach in the IT environment can easily spread into the OT environment. For example, a simple phishing attack on an office computer could spread into control systems managing robotic arms on an assembly line, shutting them down and causing major disruption and financial losses.
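As an added example (not from the original article), the following sketch audits flow records against an allowlist of permitted zone-to-zone conduits and flags any traffic that crosses the OT boundary outside them. The subnets, the allowed conduits, and the flow records are constructed assumptions.

```python
import ipaddress

# Assumed zones (constructed): office IT, a DMZ with historian/jump host, the OT cell.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/16"),
}
# Well-known industrial protocol ports, used to label findings.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 4840: "OPC UA",
             20000: "DNP3", 44818: "EtherNet/IP"}
# Assumed permitted conduits: (source zone, destination zone, destination port).
ALLOWED = {("DMZ", "OT", 4840), ("IT", "DMZ", 443), ("OT", "DMZ", 443)}

# Constructed flow records, one per line: "src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
10.10.4.23 10.20.0.5 443
10.20.0.5 10.30.1.10 4840
10.10.4.23 10.30.1.10 502
10.10.7.80 10.30.2.15 3389
10.30.1.10 10.20.0.5 443
10.30.2.15 198.51.100.7 443
bad line
"""

def zone_of(ip):
    """Map an address to its zone name, or EXTERNAL if it is in none."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "EXTERNAL")

def audit(flow_text):
    """Return (line number, boundary crossed, detail) for each violation."""
    findings = []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        parts = line.split()
        try:
            src, dst, port = parts[0], parts[1], int(parts[2])
            src_zone, dst_zone = zone_of(src), zone_of(dst)
        except (IndexError, ValueError):
            findings.append((lineno, "unparsed", line))  # never drop silently
            continue
        if src_zone == dst_zone or "OT" not in (src_zone, dst_zone):
            continue  # same zone, or the OT boundary is not involved
        if (src_zone, dst_zone, port) in ALLOWED:
            continue  # traffic follows a permitted conduit
        proto = ICS_PORTS.get(port, f"tcp/{port}")
        findings.append((lineno, f"{src_zone}->{dst_zone}", f"{src} -> {dst} {proto}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```
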
Minimal downtime tolerance
Operational downtime in the manufacturing sector is costly and, in some cases, even dangerous. A 2024 report by Siemens found that unscheduled downtime saps 11% of annual revenues from the world's 500 largest companies, amounting to $1.4 trillion. What's more, cyberattacks targeting OT can directly impact safety systems designed to protect workers, dramatically increasing the risk of accidents. The result? Manufacturing organizations are more likely to pay ransoms than other organizations. Often, the risk to safety and finances far outweighs ransom demands, meaning ransomware gangs like to target manufacturing firms.
The Manufacturing Sector's Common Attack Vectors
Let's explore the manufacturing sector's key attack vectors:
Phishing and Social Engineering
As with all industries, phishing and social engineering are major threats to manufacturing. Manufacturing staff, especially those in administrative or operational roles, often lack cybersecurity awareness, making them susceptible to social engineering and putting the wider organization at risk.
Exploitation of Unpatched or Legacy Systems
As noted, the manufacturing sector is notorious for its poor patching practices and outdated technology. With vulnerabilities left unattended, attackers can easily compromise IT and OT networks and wreak havoc on manufacturers.
Compromised Industrial Internet of Things (IIoT) Devices
IIoT devices play an increasingly important role in manufacturing. These devices are great for enhancing efficiency, but they also dramatically expand attack surfaces. Insecure or misconfigured IIoT devices can serve as entry points for attackers to infiltrate networks, manipulate production data, or disrupt operations. What's more, as these technologies are so new, they lack standardized security controls, exacerbating risks further.
Insider Threats
Sometimes, threats come from inside manufacturers. Employees and partners can inadvertently compromise security by misusing access privileges, sharing sensitive information, and failing to follow security protocols. Nor are malicious insiders out of the question: in 2018, a disgruntled Tesla employee caused significant disruption to his employer.
Supply Chain Attacks
Manufacturers are a crucial part of the supply chain and typically rely on a network of suppliers and third-party vendors to operate. For attackers, compromising even a single supplier can provide access to multiple organizations within the supply chain, leading to widespread disruptions.
Remote Access Exploits
Manufacturing organizations often use remote access tools for maintenance monitoring. When these tools have weak authentication protocols or unpatched vulnerabilities, attackers can exploit them to gain entry to networks and move laterally within them.
Industry Standards and Compliance
Standards and compliance play an important role in manufacturing cybersecurity. While not a complete solution, adhering to these standards can significantly improve resilience to a wide range of risks. Some notable examples include:
- NIST SP 1800-10 provides practical advice for securing industrial control systems, including behavioral anomaly detection, file integrity checks, application allowlisting, and strict change management to maintain trust and system reliability.
- IEC 62443 is a comprehensive standard for securing industrial automation and control systems, covering security product development, technical security requirements, system-level protections, and operational procedures.
- ISO/IEC 27001 is a framework for managing information security risks through an Information Security Management System (ISMS), focusing on risk treatment, access control, and continuous improvement.
It's also worth noting that demonstrating system integrity and secure configurations is crucial for protecting OT, maintaining product quality, meeting compliance requirements, and, ultimately, building customer trust. By implementing the above standards, manufacturing organizations can dramatically reduce the risk of disruption and data breaches.
Strengthen your resilience. Evaluate your OT/IT security posture and discover how Fortra's solutions can bolster operational continuity and significantly reduce your risk. Take proactive steps towards a more secure future.