How Manufacturers Are Combatting Ransomware, Supply Chain Attacks and IIoT Vulnerabilities

From AI-powered detection to cloud strategies, industrial companies are using multi-layered defenses against ever-evolving digital threats and operational technology exploits.
Dec. 2, 2025

Key Highlights

  • Complacency remains a critical threat as many manufacturers underestimate their risk exposure, viewing cybersecurity as a cost rather than essential insurance against operational and financial losses. 
  • IT/OT collaboration is transforming defense strategies, with manufacturers adopting frameworks like IEC 62443 and NIST CSF while implementing OT-specific security operations centers and penetration testing. 
  • Explainable AI enhances threat detection by analyzing network traffic and machine data to identify anomalies while providing context for alerts, reducing false positives and improving response accuracy.

It’s no secret that digital threats across the board have been escalating, with attackers continuously creating clever ways around countermeasures. And in industry, cyber intrusions have inflicted significant physical and financial damage.

Topping the list of cyber threats to industry are ransomware, supply-chain network vulnerabilities and phishing, said Priyanjan Sharma, Siemens’ R&D senior expert for cybersecurity services. 

Adding to this list, Matthew Kitson, operational technology cybersecurity consultant at Rockwell Automation, noted social engineering, legacy-system exploits and unsecured remote access. 

Specific to ransomware, i.e., hijacking data and releasing it only after the manufacturer pays a monetary sum, Kitson believes the prevalence of this threat in industry results from what he called the IT-to-OT spillover, where attackers exploit shared infrastructure.

Supply chain networks consisting of vendors and partners offer several entry points for attackers who can exploit these connections to bypass internal defenses. As factories become more interconnected, Sharma sees these supply chain compromises among the fastest-growing and hardest-to-detect attacks. 

While none of these attack vectors are new, they often dominate industrial cybersecurity discussion to the point where other factors can be overlooked. That’s why Kitson noted complacency as a persistent threat in industry. He said a significant portion of the manufacturing industry is not developing mature industrial cybersecurity programs to address rising threats because some organizations believe they’re too small to be targeted, while others view cybersecurity as a cost rather than insurance against significant potential losses.

How industry is facing the threat

Manufacturers are responding to threats with a multi-layered approach for building resilience across operations. For example, Sharma said he sees more manufacturers first seeking to understand their existing security posture via detailed assessments; adopting standards like NIST CSF 2.0, IEC 62443 and ISO 27001; increasing employee training; and forging partnerships with cybersecurity vendors and government agencies.

These detailed assessments Sharma referenced involve examining governance, people, processes and technology to provide a more complete view of a company’s cyber posture while adopting global standards to create a structured roadmap for a holistic approach to cybersecurity. 

He added that manufacturers are also aligning with new standards, such as the European Union’s Cyber Resilience Act (CRA) and NIS2 Directive. The CRA requires manufacturers of connected products to embed cybersecurity measures throughout the product lifecycle while NIS2 expands the scope of critical infrastructure protection, mandating stricter risk management, incident reporting and supply chain security.

Another significant factor in industry’s evolving approach to cybersecurity involves greater collaboration between OT and IT. Here, IT teams offer extensive experience in network defense, threat detection and incident response. This expertise helps OT teams integrate IT-driven monitoring and controls to improve visibility and protection.

Kitson said he also sees more manufacturers shifting from reactive defenses to proactive, OT-aligned cybersecurity. Maturity levels here vary across industry, with many adopting a governance-first approach to align with frameworks like IEC 62443 and NIST CSF. This ensures security investments are risk-based, measurable and continuously improved.

Meanwhile, some manufacturers are exploring capabilities like OT-specific security operations centers, tabletop exercises and penetration testing, according to Kitson.

If you’re not aware of tabletop exercises and penetration testing, here’s a short description of each:

  • Cybersecurity tabletop exercises are discussion-based training sessions where teams simulate responses to hypothetical cyberattack scenarios. These exercises help organizations test their incident response plans, identify weaknesses, and improve communication and coordination among team members. 
  • Cybersecurity penetration testing, or pen testing, is a simulated cyberattack on a computer system to identify vulnerabilities and weaknesses in its security. This process helps organizations understand their security posture and improve defenses against potential real-world attacks.

Other key cybersecurity actions industrial companies are focusing on include:

  • Establishing dedicated teams to manage OT security independently from IT.
  • Leveraging the Purdue Model to isolate OT systems and limit lateral movement among connected devices and systems.
  • Implementing OT-specific policies and centralized log management to improve visibility and accountability.
  • Moving away from fragmented, disconnected tools and applying a comprehensive approach for an end-to-end program.

Cloud computing as a defense

Can cloud computing help thwart on-premises cybersecurity threats? In theory, the idea is that keeping critical data off the factory floor and in the cloud is a safer approach to data security.

However, Paul Sereiko, director of marketing and product strategy at the FieldComm Group, noted that manufacturers often want to keep their IP and data private, which means keeping most data on premises. Still, cloud connectivity of field- and edge-sourced data in support of cloud-based analytics can provide an extra layer of protection considering the high levels of security maintained by cloud computing providers.

Of course, moving sensitive data and control systems off premises raises another set of concerns around data sovereignty, third-party access and potential exposure of critical assets. That’s why Sharma sees many manufacturers pursuing a hybrid approach, leveraging the cloud for analytics, monitoring and non-critical workloads while keeping core OT systems on-premises.

With proper implementation and monitoring, cloud computing offers numerous security benefits — most notable being extensive data protection that would be more complex and costly for manufacturers to implement and manage on their own. Some of the key security benefits of cloud computing include:

  • Provision of secure connection pathways between on-premises and cloud environments. 
  • Implementation of robust identity and access controls. 
  • Visibility into and ensured governance of cloud activity.

Cloud adoption is not a cybersecurity solution in and of itself, Kitson noted. But when integrated correctly, it can enhance a manufacturer’s broader security strategies.  

IIoT requires specific attention

Increased use of IIoT (Industrial Internet of Things) can be a significant factor in cybersecurity attacks and breaches because it connects so many production-critical systems to the corporate network. 

But are most cyber exploits using this pathway? 

Kitson noted that the rise of IIoT is expanding the attack surface in manufacturing, but most cyber exploits still originate in IT environments. Even so, he cautioned that IIoT connections play a role in several ways:

  • Poorly segmented networks can serve as bridges into IIoT networks and high-value OT devices once attackers gain initial access.
  • Many devices, especially legacy devices retrofitted for IIoT applications, lack robust security controls, making them vulnerable to manipulation or data exfiltration.
  • Inadequate patching, monitoring and authentication mechanisms leave IIoT devices and systems open to exploitation.

While not all cyber incidents originate from IIoT devices, Sharma believes their role in initial compromise and lateral movement is growing, especially in ransomware and espionage campaigns. 

To help ensure IIoT systems are not the principal means of cyberattack access, vendors are embedding stronger protections into their automation products, often backed by security certifications. 

Is AI the key to better industrial cyber protection?

Cybersecurity vendors are increasingly exploring the use of AI to detect and respond to threats across IT/OT systems. These software systems can analyze large volumes of network traffic, user behavior and machine data to identify anomalies and differentiate potential threats from normal but atypical activities on the network. 

One key aspect of AI that’s being adopted is the use of explainable AI to improve trust and understanding in automated threat detection. These systems flag suspicious activity and explain the reasoning behind each alert to provide context and boost user understanding of why the system flagged the incident. By bridging this gap between technical detection and human interpretation, explainable anomaly detection enhances transparency and reduces false positives.
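
The alert-plus-reasoning behavior described above, as an added example that is not from the article or any vendor's product: a minimal detector that learns a per-feature baseline (median and MAD) and reports which features drove each alert. The feature names, baseline values and threshold are constructed assumptions.

```python
from statistics import median

# Constructed per-minute observations for one controller link (not real data):
# bytes sent, distinct peers contacted, write commands issued.
FEATURES = ("bytes_out", "distinct_peers", "write_cmds")
BASELINE = [
    (1200, 2, 0), (1180, 2, 0), (1250, 2, 1), (1210, 2, 0),
    (1190, 2, 0), (1230, 2, 1), (1220, 2, 0), (1205, 2, 0),
]

def fit(baseline):
    """Learn a per-feature (median, scale) pair from known-normal traffic."""
    model = {}
    for i, name in enumerate(FEATURES):
        col = [row[i] for row in baseline]
        med = median(col)
        mad = median(abs(v - med) for v in col)
        # 1.4826 * MAD approximates a standard deviation; the floor of 1.0
        # keeps constant features (MAD == 0) from dividing by zero.
        model[name] = (med, max(1.4826 * mad, 1.0))
    return model

def explain(model, sample, threshold=3.5):
    """Return (is_alert, reasons), reasons ranked by size of deviation."""
    reasons = []
    for name, value in zip(FEATURES, sample):
        med, scale = model[name]
        z = (value - med) / scale
        if abs(z) >= threshold:
            text = f"{name}={value} vs typical {med} ({z:+.1f} deviations)"
            reasons.append((abs(z), text))
    reasons.sort(reverse=True)
    return bool(reasons), [text for _, text in reasons]

MODEL = fit(BASELINE)
# Busy but normal minute: slightly more traffic, same peers, one write.
ATYPICAL = (1260, 2, 1)
# Constructed suspicious minute: many new peers and a burst of writes.
SUSPICIOUS = (1240, 9, 14)

if __name__ == "__main__":
    for label, sample in (("atypical", ATYPICAL), ("suspicious", SUSPICIOUS)):
        alert, why = explain(MODEL, sample)
        print(label, "ALERT" if alert else "ok")
        for line in why:
            print("   because", line)
```

The analyst sees the ranked reasons, not just a score, which is what lets a busy-but-normal minute be told apart from a burst of writes to new peers.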

Machine learning models have proven to be especially helpful in identifying potential exposures to new threats and enabling predictive defense. These models deliver proactive monitoring abilities that aid in reducing downtime, improving response accuracy and enhancing situational awareness.

Other tools manufacturers should explore include asset inventory solutions, secure remote access platforms and managed services. In the end, what sets successful cybersecurity programs apart, Kitson said, is their commitment to operational maturity, which involves aligning cybersecurity with business goals, training personnel and embedding security into every layer of the manufacturing process.
