Why manufacturers need new security guardrails to protect their operations.
By Dr. Jaushin Lee, Founder and CEO, Zentera Systems
From vehicle parts to computer chips, the manufacturing industry is vital to keeping our economy growing.
However, as the industry becomes increasingly connected and reliant on digital technologies, the potential attack surface has grown. Just one successful attack can not only disrupt operations but also damage reputations and result in significant financial losses.
One of the most commonly touted mitigations to lessen these risks is training personnel on basic cyber hygiene. Although employee training is important, it is simply insufficient to counteract the growing sophistication of cyberattacks targeting this sector.
Here’s why employee training, paired with other traditional approaches, falls short and why manufacturers need to consider new technological guardrails to protect their operations.
Given unlimited resources, any security team would be a step ahead of threats. Unfortunately, that’s far from the reality on the ground. Making matters worse, cybersecurity threats evolve too quickly, and business realities make it difficult to keep up with vulnerability patching.
The result?
A reactive security posture that leaves teams attempting to address threats as they are discovered—akin to playing whack-a-mole. This leaves critical manufacturing operations at risk.
The dangerous reality of today’s cyberattacks, however, is not only their inevitability but also their speed. After obtaining a singular foothold, an attack can unfold with astonishing quickness—before any security analysts can identify a problem. In 2018, for example, a malware infection at Taiwan Semiconductor Manufacturing Company simultaneously disrupted multiple semiconductor fabrication plants worldwide, halting production at a scale more severe than most natural disasters.
Manufacturing environments are particularly exposed due to their reliance on Internet of Things (IoT) and operational technology (OT) systems. The distributed nature and lower security controls of these systems allow threats to propagate quickly and overwhelm human-driven containment efforts. This is how the 2023 MOVEit ransomware attack hit, using a single software exploit to compromise hundreds of hosts within days.
Put another way, if we base our security strategy primarily on training employees, we are choosing a defense that is orders of magnitude slower than the technical threats we face. Although training is valuable, humans cannot outpace the speed at which digital attacks can spread.
Even when employees are trained to spot potential threats, there are still opportunities for threats to spread. This is because, despite the good intentions of training and awareness campaigns, humans remain the weakest link in cybersecurity. In fact, according to the Verizon Data Breach Report, 60 percent of all attacks involved a human element.
As a result, increasingly sophisticated social engineering attacks are introducing significant risk.
One technique, business email compromise (BEC), illustrates how easily it can be to deceive users. In these scams, attackers impersonate trusted individuals—such as senior executives or suppliers—to manipulate employees into taking an action or disclosing sensitive information.
The rise of AI has made these attacks even more convincing. AI-driven deepfakes can create realistic voice or video recordings of executives, while legitimate websites can add a new layer of credibility to fraudulent requests.
Similarly, hackers often exploit human fatigue to breach defenses.
A common tactic is multi-factor authentication (MFA) fatigue, in which attackers bombard users with repeated push notification requests, often late at night, until the user, in a drowsy or annoyed state, finally clicks “allow.” This occurred in the 2023 attack against Microsoft’s corporate network, as multiple attacks linked to threat actor group Storm-0558 consistently targeted employees with MFA requests.
This highlights a fundamental truth: Even well-trained employees are not immune to making mistakes under pressure or when their guard is down.
Whatever the path, the odds are stacked against manufacturing companies relying on traditional approaches and a reactive stance.
This is why manufacturers are increasingly turning to advanced security tools that serve as “guardrails,” providing a systematic, real-time, and comprehensive approach to mitigating risk.
Although every security program will be unique, three foundational elements form the required guardrails:
The principle of least privilege limits access rights to the minimum necessary for users and systems to perform tasks or access resources, reducing the impact of a compromised account. By restricting—and strictly enforcing—access to sensitive systems and data, manufacturers can more effectively contain breaches.
Zero Trust is a model that assumes that no entity, whether inside or outside the organization, should be trusted by default.
Using identity management tools and network segmentation, Zero Trust requires strict verification processes for identifying, authenticating, and authorizing users and devices at the network packet level—every time. Once in place, Zero Trust architecture can be an effective way to enforce the principle of least privilege.
Although network detection and response (NDR) tools are valuable for identifying threats, access policy violations involving critical assets should take precedence as they represent clear and immediate dangers to operations. By prioritizing the defense of high-value systems and implementing redundancy and other mitigation strategies, manufacturers can significantly reduce downtime and damage.
The growing sophistication of threats targeting manufacturing systems demands a more proactive and technology-driven approach.
By implementing these guardrails—such as least privilege, Zero Trust, and enhanced monitoring of critical assets—manufacturers can build an essential, robust foundation of defense that expects humans to be, well, human.
About the Author:
Dr. Jaushin Lee is the founder and CEO of Zentera Systems. He is a serial entrepreneur with many patents. He is also the visionary architect behind CoIP® Platform, Zentera’s award-winning Zero Trust security overlay. Jaushin has over 20 years of management and executive experience in networking and computer engineering through his experience with Cisco Systems, SGI, and Imera Systems.
Strength & Strategy: Powering America's Industrial Comeback
In this episode, I sat down with Beejan Giga, Director | Partner and Caleb Emerson, Senior Results Manager at Carpedia International. We discussed the insights behind their recent Industry Today article, “Thinking Three Moves Ahead” and together we explored how manufacturers can plan more strategically, align with their suppliers, and build the operational discipline needed to support intentional, sustainable growth. It was a conversation packed with practical perspectives on navigating a fast-changing industry landscape.
Get In Touch
Google news and SEO compliant, Industry Today’s state-of-the-art digital media platform offers bespoke media campaigns that target key decision makers and buyers to achieve your marketing and promotional goals.
Contribute
Showcase your brand and promote your business to our highly targeted audience. We offer detailed Google Analytics with measurable ROI to assure success. Submit your content for review by our Editorial team who will contact you to discuss the project further.
About Us
Reach Your Targeted Audience and Grow Your Business. Learn more About Industry Today.
Contact Us
© 2025 Industry today. All Rights reserved.
