Manufacturing’s Cybersecurity Crisis: Third-Party Access May Be Your Biggest Safety Risk

Manufacturing’s growing interconnectedness via the use of more global suppliers, digital production lines and the convergence of OT and IT have all helped to increase productivity. But they have also introduced new risks. As a result, security (cyber protection) and safety (physical protection) should no longer be viewed as two different realms.

These days, a compromised credential can have the same effect as a broken machine. It may halt a production line, reduce the quality of the final product or even endanger employees. Dragos reported 657 ransomware incidents against industrial organizations in the second quarter of 2025. Manufacturing represented 65% of those cases, clearly indicating that this industry has grown to be a prime target.

Although statistics from around the world demonstrate the scope of the cybersecurity issue, a recent event in Brazil highlights the lesson for all industries. The biggest financial cyberattack in the nation's history, the C&M Software attack demonstrated that you don't have to hit the target to wreak havoc. You only have to compromise a supplier.

When third parties become the weakest link

Many were taken aback by the C&M attack's methodology as well as its magnitude. In this case, C&M Software connected Brazil’s financial institutions to the country’s Pix instant payments infrastructure. The banks themselves were never directly accessed by the attackers, only C&M Software was compromised. By doing this, the attackers were able to access several important institutions in a single breach.

The lesson here is clear. Your partners are part of your attack surface with today's interconnected ecosystems. Whether you like it or not, suppliers, vendors and integrators are a part of your security posture.

This makes the manufacturing analogy is obvious. Remote maintenance teams, automation providers, OEMs and system integrators are often granted access to production systems. If one of them is compromised, attackers may be able to introduce malicious code during an update, change process logic or disable safety interlocks. 

Industrial events that enforce the lesson

Unauthorized access to medical device manufacturer Masimo's on-premises systems occurred in May 2025. Medical equipment shipments were delayed and production slowed. The biggest steel manufacturer in the United States, Nucor, had to halt operations at multiple plants a few days later to address a cyber incident.

The pattern is the same despite different businesses and industries. Attackers disrupted production by taking advantage of access. IT systems were not the only systems affected. The factory floor was reached.

Physical barriers, interlocks and emergency stops have been standard for machine safety for many years. Passwords, firewalls and antivirus software have all long been part of cybersecurity. 

Any division between these two groups no longer exists as the distinction between security and safety has been blurred. This has happened because they are now interconnected layers of the same environment and thus need to be managed together from a cybersecurity viewpoint. 

Identity as a pillar of machine safety

In contemporary factories, each digital identity — whether that of an operator, engineer or supplier — is essentially a key to the machine. Thus, one of the most common attack vectors is identity.

An attacker does not always need to exploit a complex PLC vulnerability. A maintenance account that never expires, a supplier VPN that is always open or a shared admin password may be adequate. With valid credentials, an attacker can change process parameters, load unauthorized logic and disable safety features.

That’s why identity security encompasses more than just compliance; today it is a part of machine safety. Practices like segregation of duties, just-in-time access, session recording and continuous auditing have become essential. Inadequate credential management can make the difference between a shop floor incident and smooth operations.

Managing remote access

Third-party access is unavoidable in manufacturing. Vendors are required to patch software, update firmware and troubleshoot systems. That’s why controlling access, not determining whether to allow it, is the real challenge.

This is the purpose of remote access governance. It turns a structural risk into a managed procedure by applying three principles:

• Zero trust: no permanent or implicit access. Every request undergoes authentication and verification. 
• Just-in-time (JIT): credentials are only good for the task at hand before immediately disappearing. 
• Continuous auditing: every session is tracked, recorded and then examined.

On the shop floor, this approach offers genuine security. If an integrator needs to apply a patch, they are only allowed access during the maintenance window. It is limited to the resource in question and must be supervised. Once the task is finished, this access window should disappear.

Modern remote access systems like Domum use this model. Instead of using traditional VPNs, these systems use access flows based on auditing, JIT and zero trust. They also use AI-powered behavioral analysis to monitor sessions in real time. If someone executes commands that don't work as intended, the system sounds an alarm. Third-party access is therefore no longer merely managed but actively monitored by intelligent systems.

Designing for safety and security

Regulations are also evolving. In the ISA/IEC 62443 series, cybersecurity protocols for industrial automation are described. On top of this, the goal of standards like ISO 13849-1 and IEC 62061 is to ensure functional safety in machine control systems.

Each framework is valuable on its own, but together they have a transformative effect as safety and cybersecurity considerations must be made for any firmware update, patch or logic change. This is the fundamental element of safety by design and security by design. 

Manufacturers are increasingly expected to use integrated approaches by regulators and consumers who seek confirmation that both digital and physical security are a part of a machine's lifecycle.

• ISA Releases New Cybersecurity Guidance for Industrial Control Systems Protection 
• Podcast: Why Manufacturers Can’t Delay Industrial Cybersecurity 
• Ixana's New Chip Eliminates the Need for USB Ports on Sealed IoT Devices