Cyberattacks against manufacturers are surging. In 2024 alone, the industry experienced more than 1,600 confirmed breaches—more than double the number the year before. A major driver behind this increase is the rise of ransomware-as-a-service (RaaS), which has lowered the entry barrier for attackers.
RaaS enables cybercriminals to buy ready-made ransomware tools, allowing even low-skilled actors to launch sophisticated attacks. Manufacturers, many of which rely on outdated or legacy systems, have become prime targets. These attacks can halt production, disrupt supply chains and inflict long-term reputational harm. To stay resilient, manufacturers must adopt five proactive measures to strengthen their cyber defenses.
The Rise of RaaS
There’s a heavy reliance on industrial control systems (ICS) and industrial internet of things (IIoT) devices within the modern industrial space. These tools are often vulnerable, and a single successful attack can inflict widespread damage.
Without the right tools, RaaS attacks can be difficult to detect and neutralize. Where manufacturers may face resource constraints, RaaS developers have the resources, time and skills to invest in advanced and evasive attack methods. Furthermore, the RaaS business model extends the pool of attackers deploying ransomware, bringing it within reach of anyone willing to lease and leverage the kits.
Operational resilience in the supply chain is critical. Preparing for cyberattacks can give companies the leg up they need to recover from an attack and minimize downtime.
Amid supply chain volatility, cyber threats and rising customer expectations, a single disruption in manufacturing can have a global impact. This makes operations resiliency crucial for manufacturers that need to minimize downtime and financial losses.
In January 2024, 8base ransomware targeted a mid-sized car care manufacturer, exploiting compromised credentials. Over the course of a weekend, the attackers’ footprint spread from one compromised workstation to hundreds of devices in the network infrastructure, infecting several unprotected machines.
Although the company did not protect all devices, the security measures were enough to prevent attackers from fully encrypting machines and disabling security. The IT team restored 13 affected devices to their pre-attack state and manually recovered six others.
Traditional perimeter security can’t keep pace with the rapid rise of connected devices, legacy equipment and the growing overlap of IT and operational technology (OT) environments. Manufacturers must shift toward proactive security models to protect critical operations that are vulnerable to today’s fast-moving threats.
Five Best Practices for Manufacturers
- Deploy Multilayered Email Security. Attackers are getting better at slipping past spam filters and gateways. Manufacturers need to review and adjust their email security regularly to keep up. Conducting regular performance health checks on your email gateway settings to ensure optimal performance is an integral part of ongoing protection. Manufacturers can add an additional layer of email protection by leveraging technology to detect and protect against targeted phishing attacks. AI-powered cloud email security scans for bad links or attachments, giving IT teams an extra layer of protection.
- Protect Users’ Access. Protecting access and users’ accounts should be an integral part of your organization’s cybersecurity strategy. By adding multifactor authentication (MFA), IT teams can create an additional layer of protection beyond requiring a username and password.
- Automate Incident Response. Automated incident response tools help IT teams quickly remove threats from user inboxes and speed up remediation. Powered by AI, these tools monitor for suspicious activity, analyze it in real time and act fast to contain the threat.
- Educate Employees. Employees are a crucial line of defense, so it’s important to include the latest email threats in their ongoing security awareness training. Ensure employees can identify these attacks and know how to report them. Use phishing simulations to train users, measure training effectiveness and identify those most vulnerable to attacks.
- Secure and Back Up All Data. To avoid data loss as the result of a cyberattack, such as ransomware, secure, isolate and back up your data. It’s also important to ensure that your backup solution allows you to restore data within a reasonable timeframe, so you can get operations back up and running. Manufacturers often discover issues such as corrupt backups or incomplete system coverage when restoring data. To prepare, run drills and test data backups to ensure a smooth recovery.
RaaS and the Race to Recover
With highly sensitive data across their operations, threat actors are increasingly targeting manufacturers, trying to infiltrate the companies’ networks through outdated systems and legacy infrastructure.
A breach may shut down production, disrupt supply chains and lead to serious financial losses. Manufacturers must update their cybersecurity strategies and adopt proactive tools like endpoint protection and real-time threat intelligence to stay resilient.