Experts share how CISOs can bolster manufacturing cybersecurity

Four industry experts tell us how CISOs in the manufacturing sector can strengthen their cybersecurity strategies to protect critical systems from emerging threats while maintaining operational efficiency.

Andrew Lintell, General Manager EMEA, Claroty

CISOs in the manufacturing sector face a unique challenge when it comes to cybersecurity. With IT and OT becoming increasingly interconnected, the risk of cyberthreats has grown significantly.

As manufacturers embrace automation and smart technologies to drive efficiency, they’re also creating new vulnerabilities for actors to exploit. Therefore, organisations must strike the balance of increasing efficiency whilst ensuring that cybersecurity doesn’t slip.

One of the biggest issues in manufacturing is that many OT systems which are used were designed decades ago and lack the security capabilities for today’s threats. Patching these legacy systems is costly so often goes ignored. As well as this, many cyber physical systems (CPSs) rely on proprietary protocols that don’t work well with traditional IT security tools. That means getting a clear picture of all the assets in an OT environment can be challenging. Security teams need visibility into all as well as solutions tailored to OT environments.

Another concern is remote access. In manufacturing, this is essential to keep operations running smoothly, but the methods most commonly used, like VPNs and jump servers, come with their own risks. Shared credentials and broad access privileges make it easier for attackers to exploit systems. At the same time, ransomware is becoming an increasingly dangerous threat, capable of halting production, disrupting supply chains and even putting employee safety at risk.

To address challenges of IT and OT integration, a cohesive security strategy is key. The board must take steps to look beyond stereotypes of IT teams being overly cautious and recognise the genuine threats posed by OT security risks.

To strengthen cybersecurity without slowing down operations, CISOs need to focus on achieving full visibility into every CPS in the OT environment. Without knowing exactly what’s connected, it’s impossible to secure it. They must also bridge the gap between IT and OT security. Traditional IT security measures often struggle to monitor OT-specific protocols, so should be adapted to provide better protection without disrupting production. Secure network segmentation and an effective asset management policy, strengthened by risk-based security controls, can help reduce exposure.

Trevor Dearing, Director of Critical Infrastructure at Illumio

Cybercriminals are increasingly targeting the availability of services when they deploy attacks – for example, 62% of UK organisations had to shut down operations following a ransomware attack.

With the manufacturing sector being heavily reliant on availability, it naturally becomes a target for cybercriminals. Thanks to the convergence of IT/OT systems and the rise of interconnected networks, organisations now face an increased attack surface, exposing gaps that cybercriminals can exploit.

Manufacturers are also vulnerable to supply chain risk. One compromised manufacturer can give cybercriminals access to a broad network of connected suppliers, partners and customers. This can damage business relationships and cause a loss of revenue.

With such large and interconnected networks, manufacturers can’t prevent every attack. CISOs set themselves an unrealistic goal by trying to prevent all attacks. Instead, the key is to protect service availability by mitigating the impact of cyberattacks.

The best way for CISOs to minimise a cyberattack’s impact is through a breach containment strategy. This stops threats before they hit critical systems without blocking authorised employees from doing their day-to-day job.

CISOs should identify the minimum viable level of operation needed to maintain production. By controlling how systems communicate, an attack can be contained and production secured. Once critical systems have been identified, the next key step is controlling which users have access to them.

A breach containment strategy aligns with the Zero Trust model, which operates on the principle of least-privilege access, making it easier to isolate and mitigate threats. This means technologies such as Zero Trust Segmentation (ZTS) are effective in breach containment.

ZTS divides the network into isolated segments, with tailored security controls applied to protect each individual segment. When segmenting networks, manufacturers must identify the systems that pose the biggest risk or are too important to fail and apply extra controls. This ensures that when a breach does happen, critical assets are safe.

Unlike the static approach of traditional perimeter-based security tools like network firewalls, ZTS provides dynamic and scalable security, making it easier and quicker to deploy microsegmentation across the hybrid attack surface.

Mike Britton, CIO, Abnormal Security

The manufacturing sector is vulnerable to sophisticated cyberthreats, with cybercriminals focusing their efforts on exploiting supply chains and critical systems. Email continues to be one of the primary ways that attackers target this sector – in 2024, manufacturers faced a 79% weekly risk of vendor email compromise (VEC), where attackers exploited weak points in vendor communications. Ransomware remains a significant threat, with 65% of all industrial ransomware incidents targeting the sector, threatening manufacturers with disruptions to production and supply chains.

The best way an organisation can protect against advanced attacks facing the sector lies with a layered security strategy. This starts with security awareness training for end-users. Employees are a key line of defence and need to be able to identify the hallmarks of an email attack, such as urgent requests for sensitive information, poor spelling and grammar, or malicious links.

Organisations must prioritise training sessions that cover the mechanics of email attacks and the importance of vigilance. Simulated phishing exercises can be particularly effective to provide practical experience in identifying and responding to deceptive emails. It’s also critical to have clear processes in place that ensure users actively report suspicious emails.

With Generative-AI making social engineering attacks more sophisticated and harder to detect, the increased threats facing manufacturing mean that employee awareness alone is insufficient, and additional technology-based email security tools are vital. However, traditional security solutions like secure email gateways, which rely on static and known-bad indicators of compromise, are no longer enough.

Instead, manufacturers should consider cloud-native security platforms that incorporate AI-driven defences. Instead of looking for pre-determined or known indicators of compromise, like malicious links or bad sender domains, solutions that leverage AI models can instead look for anomalies outside the norm. By baselining normal behaviour across the email environment – including typical user-specific communication patterns, styles and relationships – AI could detect anomalous behaviour that may indicate an attack.

Automation plays a key role by auto-remediating any emails deemed malicious, which reduces the burden on security teams and allows them to focus on higher-priority threats while AI handles routine risk assessments and threat mitigation.

CISOs in the manufacturing sector must move beyond traditional defences and adopt proactive, AI-driven solutions. Tools which offer real-time threat detection and automated remediation can enable manufacturers to protect critical systems and maintain operational efficiency without compromise. The future of smart manufacturing will rely on resilient cybersecurity strategies that can adapt to this fast-moving threat landscape.

James Neilson, SVP International at OPSWAT

Cybercriminals target manufacturing for its reliance on uptime, often exploiting outdated industrial control systems (ICS) that still run on antiquated software like Embedded Windows XP, or Windows 10, which reaches end of support this year.

Increased digitisation interconnects IT and OT zones, increasing vulnerability to attacks that disrupt or deny operations. For example, over the past year, more than 50% of organisations experienced at least one security incident involving ICS/OT systems.

That same digitisation is changing the face of manufacturing supply chains, with data flowing between suppliers and partners just as much as product and raw materials. Third-party service and support partners visit manufacturing sites with their own laptops and removable media to update firmware on the ICS tooling they manage.

However, malware hosted on portable devices like USB drives can bypass traditional network-based security measures and move laterally between IT and OT systems.

The majority of air-gapped manufacturing environments lack security controls to detect IT malware, meaning that compromised media could result in huge financial losses, operational downtime and public safety risks. 

The other key challenge is that security teams often have limited visibility into the devices connecting to their organisation’s systems and the flow of data transfers. This means that security teams have to manually scan files, which is extremely time-consuming.

Manufacturing organisations need a multi-layered strategy to mitigate risks, with scanning policies at the heart of it. This requires all incoming data and devices to be scanned before they reach critical network assets. 

All entry points should be covered by the policy, including ‘walked in’ devices and media, and checked and sanitised using Content Disarm and Reconstruction (CDR) techniques. Data should only ever enter critical environments once it has been sanitised and validated.

Scanning policies should also complement access controls like robust access credentials, which limit the use of external devices to authorised personnel. This then prevents removable media that hasn’t been thoroughly scanned and sanitised from accessing data within the organisation.

To effectively implement such a process, especially at scale, manufacturing organisations should use dedicated scanning kiosks integrated with secure file storage and managed file transfer capabilities. Kiosks dramatically reduce the risk of introducing malicious code into secure network environments without causing delays for employees trying to do their job.
