
Navigating Manufacturing Cybersecurity to Protect Critical Systems


The modern manufacturing landscape faces unprecedented cybersecurity challenges. While factories continue to embrace digital transformation via smart manufacturing, convergence has expanded their attack surface. Industrial control systems (ICS) and other equipment that were once airgapped and isolated from online connectivity are now exposed to the same vulnerabilities and threats as their IT counterparts. Criminal groups and advanced attackers alike are eyeing these new targets to meet their respective ambitions.

Attacks on supervisory control and data acquisition (SCADA) systems, human-machine interfaces (HMIs) and programmable logic controllers (PLCs) can do more than disrupt day-to-day operations—they can affect production quality, create costly operational downtime, and even jeopardize worker and public safety. Because of these new dangers, it’s imperative that manufacturing cybersecurity moves from being an afterthought to an operational necessity.

Understanding Manufacturing Cybersecurity

Protecting a manufacturing environment requires a deep understanding of what it demands when compared to traditional IT-focused security measures. There’s a stark contrast in play here: While IT systems focus on business operations and data processing, the OT side controls physical equipment and processes. IT systems typically have lifespans of three to five years and get regularly patched, ensuring security gaps are minimized. OT systems have lifespans of up to 30 years and often remain unpatched and without updates for much of that time, creating a significant window of exposure that can be leveraged by threat actors.

This fundamental difference in IT and OT creates tensions when it comes to applying security strategies. For instance, it’s normal for an IT environment to undergo regular patching cycles and occasional reboots, but for manufacturing systems that need to run for months or even years without interruption, taking those systems offline is a last resort that can cost a company millions of dollars. Alternatively, when patches aren’t available and/or downtime isn’t feasible, companies can implement a host of compensating controls to mitigate risk. 

What’s more, many industrial protocols that are still in use today lack basic security controls such as authentication or encryption. When paired with unpatched vulnerabilities, this makes for a perfect storm of potential entry points attackers can use to gain unauthorized access. 

The Current Threat Landscape in Manufacturing

As seen with the Jaguar Land Rover attack in the summer of 2025, threats to manufacturing are on the rise. Ransomware is leading the way, going from a nuisance affecting small to midsized organizations to a systemic issue that threatens critical infrastructure. From 2024 to 2025, the manufacturing sector experienced a 61% surge in ransomware attacks—the most of any critical industry during that time. 

The rise in cyberattacks against manufacturing can be attributed to a few factors. Threat actors know manufacturers face intense pressure to maintain production continuity, making them more likely to pay ransoms when critical systems are compromised. Moreover, increased connectivity for previously airgapped assets might bring a host of benefits to plant managers, but each new asset also creates a potential entry point for attackers. 

Here’s a short list of common attack vectors in manufacturing:

Remote Access Connections

Insecure third-party connections, VPNs, and remote access tool sprawl are often easily exploitable entry points for malicious activity. Many of these tools are also used by contractors and vendors who need network access to do their jobs, and if granular access controls and permissions aren’t being used, that access becomes a security vulnerability.

Improperly Segmented Networks

Segmenting networks into separate isolated zones can drastically reduce the blast radius of a breach. Doing this as part of a robust cybersecurity strategy can keep an attacker from moving laterally once they’ve gained unauthorized access. When networks aren’t properly segmented, it can lead to a litany of issues in the event of a breach.

Legacy and Unpatched IIoT Devices

Industrial internet of things devices and equipment such as supervisory control and data acquisition (SCADA) systems and programmable logic controllers (PLCs) can often remain unpatched and without updates for months or even years. This is mostly due to the high costs of any production downtime in a manufacturing environment, but these systems are huge targets when first connected to an enterprise network.

Securing Critical Systems in Manufacturing Environments

Due to their inherent complexity, protecting manufacturing environments from cyberthreats requires a multi-layered approach that addresses organizational and technological challenges. Here are some essential steps to take to address this. 

Asset Visibility

You can’t protect what you can’t see. A comprehensive asset inventory of all devices and communication pathways is a must-have for industrial cybersecurity, but oftentimes, this discovery can require equipment to be taken offline. Since manufacturing environments have so little tolerance for disruptions, organizations must find a way to safely discover assets without shutting down entire production lines. 

Network Segmentation

Dividing the enterprise network into isolated zones can dramatically reduce the blast radius of an attack, but this should also be done strategically. The divided zones of the network should always be compatible with manufacturing protocols such as Modbus and EtherNet/IP, ensuring that a breach in the IT environment has no way of spreading to OT. 
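As an added illustration (not from the original post and not tied to any Claroty product), the following Python example audits passively collected flow records: it builds an inventory of assets seen serving Modbus/TCP or EtherNet/IP and flags any such flow that crosses zones outside the approved conduits. The subnets, zone names, allowed conduits and flow records are constructed assumptions; the port numbers are the registered ones for those protocols.

```python
import ipaddress
from collections import defaultdict

# Assumed zone plan (constructed for this example).
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot": ipaddress.ip_network("10.30.0.0/16"),
}
# Registered ports for the industrial protocols named in the text.
OT_PORTS = {502: "Modbus/TCP", 44818: "EtherNet/IP"}
# Assumed policy: OT protocols may flow only inside OT or from the DMZ into OT.
ALLOWED = {("ot", "ot"), ("dmz", "ot")}

# Constructed flow records (src_ip, dst_ip, dst_port), assumed to be
# established connections exported by a passive sensor or flow collector.
FLOWS = [
    ("10.30.1.10", "10.30.1.20", 502),    # HMI -> PLC inside OT
    ("10.20.0.5", "10.30.1.21", 44818),   # DMZ jump host -> PLC
    ("10.10.4.77", "10.30.1.20", 502),    # IT workstation -> PLC
    ("10.10.4.77", "10.10.9.1", 443),     # ordinary IT traffic, ignored
    ("192.0.2.9", "10.30.1.21", 44818),   # address outside every zone
]

def zone_of(ip):
    """Return the zone name containing ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def audit(flows):
    """Return (inventory, violations) for industrial-protocol flows."""
    inventory = defaultdict(set)   # asset IP -> protocols it serves
    violations = []                # flows that break the zone policy
    for src, dst, port in flows:
        proto = OT_PORTS.get(port)
        if proto is None:
            continue               # not an industrial protocol port
        inventory[dst].add(proto)
        pair = (zone_of(src), zone_of(dst))
        if pair not in ALLOWED:
            violations.append((src, dst, proto, pair))
    return dict(inventory), violations

if __name__ == "__main__":
    assets, bad = audit(FLOWS)
    print(assets)
    for v in bad:
        print("policy violation:", v)
```

Because it reads only observed traffic, this kind of check needs no active scanning of controllers and no production downtime.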

Secure Remote Access

Enterprises that have OT asset-heavy environments are facing unprecedented demands for maintenance that can be performed remotely, and for good reason. When performed remotely, routine maintenance can save on costly on-site visits and be done in a fraction of the time. However, remote access is also a very common way for attackers to tunnel into networks undetected. Organizations must choose a secure access solution that grants granular access controls, multi-factor authentication, and time-limited access windows for maintenance activities. 

Exposure Management

Asset visibility helps organizations understand the complexity and depth of the cyber-physical systems (CPS) in their environments, but understanding the potential business impact of a breached asset is another issue entirely. That’s why it’s so critical to implement an exposure management program that accounts for asset complexities, unique governance, and their business-critical outcomes.

The Path Forward to Protecting Critical Manufacturing Systems

The manufacturing sector is facing a threat landscape that’s getting just as complex as it is dangerous. As the sector continues to embrace digital transformation through the convergence of IT and OT, malicious threat actors are ever-persistent in finding exploitable vulnerabilities. It’s enough to force the hand of CISOs to start rethinking their approach to cybersecurity. 

With this convergence being all but ubiquitous, organizations should start cross-training initiatives that are focused on helping IT security professionals understand OT environments, and vice versa. Doing this can help turn abstract concepts into practical applications relevant to everyone’s knowledge base and skill level. More importantly, it ensures all security personnel within an organization can respond quickly and effectively to an incident, regardless of which side of the business it’s impacting. 

Beyond personnel having the right skills, the tools they’re using are equally critical. The Claroty Platform offers manufacturing environments several benefits in one solution, reducing tool sprawl and simplifying critical steps such as asset discovery. With its industry-leading threat detection capabilities, the platform also allows passive network monitoring that catches anomalous activity, and ensures comprehensive protection for complex OT environments.

Schedule a demo with a Claroty expert to see how its world-class OT security features can protect your organization.
