Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Assessing Cyber and Physical Risks to Manufacturers

Manufacturers serve as critical building blocks of modern society. They are integral to the existence of the products we consume, the essential services we need, and the infrastructure on which we rely. Our reliance on them also means that, according to the U.S.

Manufacturers serve as critical building blocks of modern society. They are integral to the existence of the products we consume, the essential services we need, and the infrastructure on which we rely. Our reliance on them also means that, according to the U.S. Department of Homeland Security (DHS), “a direct attack on or disruption of certain elements of the manufacturing industry could disrupt essential functions at the national level and across multiple critical infrastructure sectors.” 

Although security incidents that occur in consumer-facing industries like retail and financial services tend to attract the most attention, those suffered by manufacturers can be far more damaging. The challenge is that the manufacturing industry tends to be particularly susceptible to various cyber and physical security risks. Here’s why:

Antiquated Operational Technology (OT) Environments

The machinery and networks comprising an OT environment are what operate the physical processes required to manufacture goods. Many factories run 24-hours per day, 365 days per year. So any security procedure requiring OT downtime—such as patch and vulnerability management, software updates, and other types of network maintenance that might regularly occur in IT environments—can rapidly hinder production, lower outputs, and reduce revenue for manufacturers. For this reason, OT machinery and networks often operate for years at a time without receiving any sort of security maintenance or assessment. 

Cyber Risks to Manufacturers and Industrial FirmsAnother challenge with outdated OT environments stems from the rapid digitization of the manufacturing industry. As many manufacturers continue to integrate automation, IoT devices, and other Internet-connected technologies with their OT networks, they are inadvertently expanding the surface area upon which vulnerabilities could occur, threats manifest, and attacks transpire. Indeed, this scenario is similar to the uptick in security incidents that occurred following the healthcare industry’s rushed adoption of EMR systems, as well as the oil & gas industry’s increasing reliance on Internet-connected industrial control systems.

Increasingly Complex Supply Chains

Rising competition amid intense market pressure has caused many manufacturers to outsource and diversify their supply chains. While outsourcing can increase efficiency while reducing costs, it often creates a massive flow of materials, people, and data to and from ever-changing sources and third-parties. And as supply chains continues to become larger and more decentralized, many manufacturers are losing both visibility and control of the materials, quality controls, and any potential security vulnerabilities in the goods they produce.

An Abundance of Intellectual Property

Advertisement. Scroll to continue reading.

Manufacturers also face substantial risks from the abundance of intellectual property (IP) they store. From proprietary source code and product formulations to market insights and trade secrets, IP is integral to the productivity, stability, and competitive advantages of most manufacturers. Unfortunately, IP is also a highly sought-after commodity among adversaries ranging from malicious insiders and competitors to profit-minded cybercriminals and state-sponsored actors. And given the manufacturing industry’s tendency to fall short in terms of security, many manufacturers may be especially vulnerable to IP theft.  

When it comes to accurately evaluating and mitigating security risks facing manufacturers, the above characteristics should serve purely a starting point. It’s crucial to remember that regardless of industry or function, safeguarding critical assets, proactively addressing cyber and physical threats, and assessing and mitigating risk accurately and effectively requires a comprehensive understanding of all factors contributing to an organization’s risk. 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.