Hackers are bullying the manufacturing industry, and they’re not exactly subtle about it. Like Biff Tannen cornering Marty McFly, cybercriminals flaunt their power, hitting manufacturing companies where it hurts most—shutting down production lines and grinding operations to a halt. They know they hold the upper hand, exploiting every gap left by decades of technical debt and the industry’s rapid leap into the digital age.
Zscaler’s 2024 ThreatLabz report paints a grim picture: 653 ransomware attacks aimed at manufacturing, more than double the incidents in any other sector. And Critical Start’s latest data isn’t any rosier.
The numbers don’t lie, but they do beg the question: what makes hackers pick on manufacturing like a high school bully targeting the new kid in town? Is it the thrill of taking down industrial giants, or that manufacturing can’t afford to stay offline for long? Maybe it’s just too easy for them—like finding a loose $20 bill on the sidewalk. Either way, the industry is caught in a time loop of relentless attacks, and it’s time to figure out how to break the cycle.
To understand this, we must look at the factors that make manufacturing an appealing target for these digital bullies. From the value of uninterrupted operations to the complexity of digital transformation and the challenges of managing a dynamic workforce, these vulnerabilities make manufacturers a tempting target.
Here are three reasons as to why the manufacturing sector is experiencing so many challenges with cybersecurity.
Reason #1 – Value
The manufacturing sector is especially attractive to cyber criminals due to its heavy reliance on continuous operations and the high stakes involved in any disruption. Unlike many other industries, a halt in production lines doesn’t just result in inconvenience; it can mean a significant loss of revenue per day.
According to Redzone’s Manufacturing Benchmark report, a single point of OEE (Overall Equipment Effectiveness) can be worth as much as $350k. Annual OEE can be made or lost with just a few days of lost production. Halting a company’s revenue stream by encrypting shopfloor devices and stopping production creates the pressure the adversary needs to drive up ransomware costs.
Threat actors are aware of this, so CISOs in manufacturing are faced with the difficult decision of weighing the cost of the ransom against the cost of lost production. While we all agree to “not pay the ransom,” 69 percent of the targeted organizations do pay it.
Reason #2 – The Complexity of Digital Transformation
The shift toward Industry 4.0 has accelerated manufacturing’s digital transformation, making production lines more efficient but also more exposed. With every IoT device and networked machine, a new potential vulnerability emerges. A notable increase in attacks targeting both IT and OT systems—from 27 percent in 2021 to 37 percent in 2023—underscores how much the attack surface has expanded.
This convergence means cybercriminals can penetrate a factory’s operations deeper, making the risks more severe. The risk of losing the productivity gains from Industry 4.0 is significant and can’t be overlooked. However, CISOs should leverage these gains as part of their risk management strategy, integrating them into calculations for ROI on cybersecurity investments.
Reason #3 – People-Centric Risks and High Turnover
Another integral reason manufacturing is so frequently targeted is the unique dynamics of its workforce. High turnover rates and reliance on temporary workers introduce challenges in maintaining consistent cybersecurity standards. Temporary workers, who might only be onboarded for short stints, require rapid access to critical systems. This often results in rushed credential provisioning processes and lax oversight, creating opportunities for cyber threats to exploit poorly managed access points.
Furthermore, using shared devices on factory floors complicates managing secure access. Cybersecurity strategies in these environments must balance ease of use with stringent security controls to prevent unauthorized access.
This challenge is not unlike those faced by healthcare and educational institutions, where shared devices and a need for quick access are prevalent. But in the high-stakes manufacturing world, the cost of a breach can be far greater, impacting not only the targeted business but also the broader supply chain it supports.
While we can’t turn back time like Marty McFly, manufacturers can take proactive steps to change their future. Adversaries have proven their effectiveness in targeting this industry, which only draws more cybercriminals and heightens the focus on manufacturing and critical infrastructure. Companies that have allowed technical debt to accumulate in their software, PLCs, or infrastructure now face significant exposure.
Hackers recognize the abundance of these vulnerabilities as opportunities. To turn the tide, manufacturers must invest in modern security measures, address legacy system weaknesses, and adopt a proactive approach to cybersecurity that prioritizes risk. By doing so, they can reclaim control and mitigate the risks that cyberbullies currently exploit.