Manufacturing organizations are prime targets for cybersecurity threat actors creating a need to properly manage security posture.
by Ed Mosquera, Technical Director at Skybox
Industrial and manufacturing organizations are quickly becoming targets for cybersecurity threat actors thanks to the unique challenges they face due to connected physical systems. If network visualization isn’t in place, it’s challenging for security analysts to find where gaps in their networks exist and where threat actors are most likely to target. Across cybersecurity organizations, a compliance framework is often used to implement guidelines and standards. Still, these criteria don’t necessarily achieve the level of security an organization actually requires to prevent breaches.
The NIST Framework provides organizations like those in the manufacturing industry with an easy-to-understand framework for managing and reducing cyber risk to protect networks and data. However, with record-breaking vulnerabilities, rising OT security risks, and increasing exploits in the wild, operators must go beyond this framework and adopt a proactive security posture to defend against attacks.
Manufacturing organizations need to begin rigorously managing their security posture to prevent disaster. Continuous assessment of the overall strength of their controls, processes, and compliance programs is required to strengthen security efficacy to reduce exposure risks proactively. IT and OT system visibility and a comprehensive plan to identify and prioritize exploitable vulnerabilities should play a fundamental role in this proactive strategy to determine if the system is potentially open to a cyberattack.
The lack of visibility into an organization’s network combined with siloed IT and OT environments makes managing compliance and remediating the vulnerabilities that matter more challenging. Professionals experienced in both IT and OT environments are increasingly rare, and the ongoing talent gap contributes to the complexity of hybrid environments. A 2022 cybersecurity benchmarking study predicts ransomware attacks will jump over the next two years, with manufacturing being a significant target for cyberattacks. Additionally, Skybox Research Lab found vulnerabilities in OT technology nearly doubling yearly due to assets increasingly being added to online networks.
NIST and other compliance frameworks provide some insight into manufacturing and industrial technologies. However, these guidelines do not consider a plant or factory’s technological landscape. For example, the Guidelines on Firewalls and Firewall Policy (NIST 800-41) only pertains to security controls and firewalls at a network’s perimeter and zone-to-zone access but does not include guidance on measures needed for user identity, virtualization or container security.
Manufacturing organizations invest significant resources to bring their factory technology online and seek to protect it based on the NIST framework. Unfortunately, when OT administrators have satisfied the checklist, it can be easy to assume they are safe because they’ve earned such certifications. This kind of thinking limits teams from finding gaps that threat actors can exploit.
Reactive strategies centered on scanning and patching have become too laborious and overwhelming, and disabling essential systems for upgrades is an expensive proposition. Cybercriminals understand that they can fly under the radar of traditional approaches, and ransomware attacks in manufacturing are likely to pay off. Therefore, manufacturing organizations would be better suited to adopt a proactive approach that includes identifying critical risks and merging IT/OT environments exposed to adversaries.
The evolving threat landscape faced by the manufacturing sector requires dynamic risk-based strategies, including surpassing NIST Framework with a thorough vulnerability management plan. This approach enables OT administrators and security teams to manage all risks across their organization’s attack surface. While there are multiple aspects to a proactive risk-based strategy, these three components are critical for successful implementation:
A risk-based approach that goes beyond the NIST framework permits leaders to overcome complexity with a proactive security posture management program. Such an approach has been shown to increase accuracy and eliminate downtime while increasing business resiliency and preventing breaches. A recent study showed that 48% of organizations with no breaches in 2021 took a risk-based approach to their security programs. Built with cybersecurity frameworks as a starting point, risk-based strategies allow manufacturing organizations to develop modern cybersecurity programs that defend and protect even the most complex environments.
Ed Mosquera is a Technical Director at Skybox Security. Before his time at Skybox, Ed served as a Cybersecurity Collaboration Program Manager at Bank of America.
Women Powering Manufacturing: Breaking Barriers
Magen Buterbaugh is the President & CEO at Greene Tweed. Listen to her insights on her ambition to be a lawyer and how her math teacher suggested she consider chemical engineering. Now with several accolades to her name including being honored as one of the 2020 Most Outstanding Engineering Alumnus of Penn State and a Board Member of National Association of Manufacturers (NAM) she has never looked back.
Get In Touch
Google news and SEO compliant, Industry Today’s state-of-the-art digital media platform offers bespoke media campaigns that target key decision makers and buyers to achieve your marketing and promotional goals.
Contribute
Showcase your brand and promote your business to our highly targeted audience. We offer detailed Google Analytics with measurable ROI to assure success. Submit your content for review by our Editorial team who will contact you to discuss the project further.
About Us
Reach Your Targeted Audience and Grow Your Business. Learn more About Industry Today.
Contact Us
© 2025 Industry today. All Rights reserved.
