Cybersecurity for the Manufacturing sector | Hunt & Hackett

As a cornerstone of the global economy, the manufacturing sector has long been a target for financially motivated criminals and nation-state actors alike. Industrial espionage itself dates back centuries - some credit the start of the Industrial Revolution to British silk spinner John Lombe, who in the early 18th century stole proprietary equipment designs from an Italian manufacturer. He returned to England and used the stolen knowledge to build the world’s first successful powered continuous production unit, laying the foundations for the modern factory.

Fast forward 300 years, and the threat of having your ideas stolen - or falling victim to other malicious activity - has not only grown but shifted into cyberspace. Today, manufacturers face an unprecedented surge in cyberattacks, from ransomware and Business Email Compromise to data theft and digital espionage. Nation state (sponsored) threat actors from China, Russia, Iran and North Korea are well known to target manufacturing organizations to obtain a commercial and/or intellectual advantage. As the industry continues to modernize and expand, so do the risks - especially if the appropriate defenses are not in place.

How can you address this growing threat?

There is a legendary saying on how to overcome your adversaries: 'know thy enemy and know yourself; in a hundred battles, you will never be defeated'. To know your enemy starts with gaining an understanding of your threat landscape, your adversaries’ intentions, their modus operandi, and specific attacking methods. The following sections provide a glimpse of the key threats facing the manufacturing sector, followed by our approach for defending against them. The blog series which can be found at the bottom of this page provides further details of the manufacturing threat landscape.

	Manufacturing	Manufacturing + related	Broader focus	All known
APTs	57	347	379	801
TTPs	1,178	3,254	3,330	4,112
Attack tools	900	2,791	2,852	3,666

Our proprietary threat diagnostic system shows an increase in malicious activity targeting the manufacturing sector in recent years. In fact, manufacturing faced more ransomware attacks than any other industry in 2024, accounting for 14% of total incidents. Cybercriminals view manufacturing companies as attractive targets for a few key reasons. For one, manufacturers rely on uninterrupted operations - any disruption can lead to millions in lost revenue, making them prime targets for ransomware extortion. Their vast and complex supply chains introduce additional vulnerabilities, where a breach in one company can ripple across an entire industry.

Intellectual property is another major draw, with cybercriminals and nation-state actors seeking to steal proprietary designs and processes for commercial or strategic gain. On top of that, many manufacturers still depend on aging operational technology (OT) systems that were never designed with cybersecurity in mind. As these systems become more connected through digital transformation, they create new entry points for attackers. To stay ahead of these evolving threats, manufacturers must first understand who is targeting them, what they’re after, and the tactics they use.

In their fight against cyber attacks, our customers typically go through several stages of maturity. By ramping up their prevention, detection and incident readiness over time – and optimizing this for their actual threat landscape – they reach a point where they have developed solid resilience against targeted attacks, with only highly controlled and accepted risks remaining.

There is no simple 'fix' to become resilient against the sophisticated cyber threats of today. Without serious resources or processes for systematic security activities, protection against modern cyber threats like ransomware is just a wish. Hunt & Hackett has developed a unique threat- and sector-driven approach to cybersecurity, enabling you to work from your current situation to a highly improved and controlled situation, optimized for your specific threat landscape and context as an organisation.

Schietschijven1

STAGE 1: Unknown risk
Pre-monitoring
-

Preventitive controls

Limited resilience

Schietschijven2-1

STAGE 2: Reduced risk
Post-monitoring
-

Preventitive CIS controls (IG1)

Detection & response controls

Resilience against non-targeted attacks

Schietschijven3

STAGE 3: Controlled risk
Implemented roadmap
-

Alignment between preventitive, detection & response CIS controls (IG2)

Resilience against non-targeted and semi-targeted attacks

Schietschijven4

STAGE 4: Highly controlled risk
Targeted attack resilience
-

Full redundancy between preventitve, detection & response CIS controls (IG3)

Resilience against against advanced targeted attacks

	
		OSZAR »